Generating your own Keystore
If you choose to use, for example, UK e-science certificates, please see the instructions in Acquiring a certificate.
Alternatively if you are not using UK e-science certificates, the broad steps are outlined below. You can use a program called 'Keystore Explorer' (http://www.lazgosoftware.com/kse/). This is essentially a GUI version of the command-line keytool provided with Java 2 SDK. It can be used to generate the necessary keystore and their associated X.509 certificates as well as importing/storing trusted certificates. However it is not freeware so you can also use the command line version of keyTool which comes with Java.
You need to:
- Create a keystore
- Generate a key pair within this keystore
- Generate a Certificate Signing Request (CSR) from the key pair
- Get the CSR signed by the trusted CA (the Registration Authority is required for this as they must contact the CA)
- Import the CA's certificate into your keystore as a trusted certificate
- The CA's response to your signing request will be a certificate bearing your details - import this into the key pair
0 Comments