Cisco Broadband Access Center 3.8 Administrator Guide
OL-27172-01
Chapter 13 Configuring CWMP Service Security
Configuring SSL Service
Note For additional information on keytool and general certificate-management concepts, refer to Sun
Microsystems documentation.
Generating Server Certificate Keystore and Private Key for a New Certificate
The keytool -genkey command generates a key pair (a public key and an associated private key), and
wraps the public key into an X.509 self-signed certificate, which is stored as a single-element certificate
chain. This certificate chain and the private key are stored in a new keystore entry identified by alias.
Note The name that you use for the alias is insignificant. Its purpose is to identify a key pair within the
keystore if you had multiple key pairs. In the context of Cisco BAC, you should have only one key pair
in the server certificate keystore, but you can have multiple keystores.
Example 13-1 Keytool -genkey
The following example uses train-1.keystore as the name of the keystore file. You can use any file name,
but using servercerts is not recommended because this conflicts with the sample keystore that Cisco
BAC provides.
dpe# ./keytool -keystore train-1.keystore -alias train-1 -genkey -keyalg RSA
Enter keystore password: changeme
What is your first and last name?
[Unknown]: train-1.bac.test
What is the name of your organizational unit?
[Unknown]: BAC Training
What is the name of your organization?
[Unknown]: Acme Device, Inc.
What is the name of your City or Locality?
[Unknown]: Boxborough
What is the name of your State or Province?
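As an added example (not from the Cisco BAC guide), the following script is a non-interactive equivalent of Example 13-1: it supplies the same answers through -dname instead of the prompts, and then checks that the resulting keystore holds exactly one key pair, as the Note above recommends. It assumes keytool is on the PATH; the State or Province value (cut off above) is a placeholder, and the 2048-bit key size and SHA256withRSA signature algorithm are my choices, not the guide's.

```shell
#!/bin/sh
# Added example, not part of the Cisco BAC guide: non-interactive form of
# Example 13-1 plus a one-key-pair check. Assumes keytool is on PATH.
set -eu

KEYSTORE="${KEYSTORE:-train-1.keystore}"
ALIAS="${ALIAS:-train-1}"
STOREPASS="${STOREPASS:-changeme}"   # keystore password used in Example 13-1
VALIDITY="${VALIDITY:-365}"          # days; keytool's default is only 90

# Distinguished name built from the interactive answers in Example 13-1.
# The comma in "Acme Device, Inc." must be escaped, otherwise keytool treats
# "Inc." as a separate (invalid) attribute. <STATE> is a placeholder.
DNAME='CN=train-1.bac.test, OU=BAC Training, O=Acme Device\, Inc., L=Boxborough, ST=<STATE>, C=US'

# Count key-pair entries in `keytool -list` output read from stdin.
# Matches "PrivateKeyEntry" (current keytool) and "keyEntry" (older keytool);
# CA certificates are listed as "trustedCertEntry" and are not counted.
count_key_entries() {
    grep -ci 'keyentry' || true
}

# Generate the key pair and its self-signed certificate without prompts.
generate_keystore() {
    keytool -genkey -keystore "$KEYSTORE" -alias "$ALIAS" \
        -keyalg RSA -keysize 2048 -sigalg SHA256withRSA \
        -validity "$VALIDITY" -dname "$DNAME" \
        -storepass "$STOREPASS" -keypass "$STOREPASS"
}

# Fail unless the server certificate keystore holds exactly one key pair.
check_keystore() {
    n=$(keytool -list -keystore "$KEYSTORE" -storepass "$STOREPASS" | count_key_entries)
    if [ "$n" -ne 1 ]; then
        echo "expected exactly 1 key pair in $KEYSTORE, found $n" >&2
        return 1
    fi
    echo "$KEYSTORE: 1 key pair (alias $ALIAS), valid for $VALIDITY days"
}

if [ "${1:-}" = "run" ]; then
    generate_keystore
    check_keystore
fi
```

Run it as `sh genkey.sh run` from the DPE's keytool directory; with no argument it only defines the functions.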
Table 13-1 Keytool Commands (continued)

-noprompt                      Specifies that no prompts are to be issued during an import operation.
-provider provider_class_name  Identifies the name of the cryptographic service provider's master class file when the service provider is not listed in the security properties file.
-rfc                           Specifies that the output of a certificate is printed in printable-encoding format.
-storepass storepass           Identifies the password assigned to a keystore.
-sigalg sigalg                 Specifies the algorithm to be used to sign the certificate.
-storetype storetype           Identifies the type assigned to a keystore or an entry in a keystore.
-trustcacerts                  Specifies that additional certificates are considered for the chain of trust.
-v                             Specifies that the output of the MD5 fingerprint of a certificate is printed in human-readable format.
-validity valDays              Identifies an expiration period in days. The default is 90 days.