Comment: fixed typo and monospace formatting

...

First, a private key entry must be generated. JKS files may contain any number of entries, as long as each one has a different identifier or "alias." This sample command uses the alias "vibesclient1" to identify the key.

keytool -keystore example.jks -alias vibesclient1 -genkey -keyalg RSA -keysize 2048

This will prompt for a keystore password, first and last name, organizational unit, organization, city, state, and country code. These should be provided as appropriate. As mentioned above, the "first and last name" field should contain the email address that will be used as a user ID when making API calls with this certificate, and the "organization" field should identify your company. After all fields have been entered correctly, the keytool program will produce a keystore file (in this case "example.jks") or add an additional key entry if the keystore file already exists. You must remember the keystore password; it will be used every time the keystore is accessed.

...

Now that the private key has been generated, a CSR can be produced.

keytool -keystore example.jks -alias vibesclient1 -certreq -file vibesclient1.csr

This will produce a certificate signing request in a file called "vibesclient1.csr". If you inspect that file, you will see that it is a base-64 encoded string enclosed in "BEGIN NEW CERTIFICATE REQUEST" and "END NEW CERTIFICATE REQUEST" lines. That file must be provided to Vibes.

...

After Vibes generates a certificate from the CSR, we will return it, along with the Vibes CA Certificate, to you. These must both be imported into the keystore. When importing your certificate, you must use the same alias that you used before. The Vibes CA Certificate may be imported with any other alias that is not yet being used in the keystore file.

keytool -keystore example.jks -alias vibesca -import -file vibes-cacert.crt

This command will prompt "Trust this certificate?"; you will need to respond "yes" to proceed.

keytool -keystore example.jks -alias vibesclient1 -import -file vibesclient1.crt

This command should produce the output "Certificate was added to keystore". That indicates that the command was successful.

...

To generate a private key and CSR, a single command can be used:

openssl req -outform PEM -out vibesclient1.csr -newkey rsa:2048 -keyout vibesclient1.key -sha256 -verbose

This will prompt for a PEM pass phrase (with confirmation), country name, state name, locality, organization name, organizational unit, common name, and possibly other fields like email address. As mentioned above, the "first and last name" field (which openssl prompts for as "common name") should contain the email address that will be used as a user ID when making API calls with this certificate, and the "organization" field should identify your company. Other fields may be filled in as seems most appropriate. You must remember the pass phrase; it will be needed whenever the private key is used.
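An added example (not part of the original page or of Vibes' own tooling): a shell check to run on the CSR before sending it, confirming that its self-signature verifies and that the common name and organization fields hold what the text above requires. The function names, the sample subject and the email address are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the original page): sanity-check a CSR before
# sending it to the CA. Names and sample values here are constructed.

# check_csr FILE EMAIL
# Succeeds only if the CSR's self-signature verifies, its common name is
# exactly EMAIL, and its organization field is not empty.
check_csr() {
    csr=$1
    email=$2

    # Some openssl releases exit 0 even when -verify fails, so match the
    # "verify OK" message instead of trusting the exit status.
    if ! openssl req -in "$csr" -noout -verify 2>&1 | grep -q 'verify OK'; then
        echo "check_csr: $csr: signature did not verify" >&2
        return 1
    fi

    # -nameopt multiline prints one "fieldName = value" pair per line.
    subject=$(openssl req -in "$csr" -noout -subject -nameopt multiline) || return 1
    cn=$(printf '%s\n' "$subject" | sed -n 's/^ *commonName *= *//p')
    org=$(printf '%s\n' "$subject" | sed -n 's/^ *organizationName *= *//p')

    if [ "$cn" != "$email" ]; then
        echo "check_csr: common name is '$cn', expected '$email'" >&2
        return 1
    fi
    if [ -z "$org" ]; then
        echo "check_csr: organization field is empty" >&2
        return 1
    fi
    echo "check_csr: OK (CN=$cn, O=$org)"
}

# make_sample_csr DIR SUBJECT
# Writes DIR/sample.csr from a throwaway, unencrypted key (demo input only).
make_sample_csr() {
    openssl req -new -newkey rsa:2048 -nodes -sha256 -subj "$2" \
        -keyout "$1/sample.key" -out "$1/sample.csr" >/dev/null 2>&1
}
```

For the CSR produced above, the call would be `check_csr vibesclient1.csr` followed by the email address entered as the common name.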

...