Creating new keystores
The following topics provide information and instructions for creating new keystores:
To create a new keystore
- Create a new keystore by using a new password to secure the certificate:
  keytool -genkey -alias tomcat -keyalg RSA -keystore tomcatInstallationDirectory/keystore.p12
- After the keystore has been created, update the server.xml file with the new password for the keystore.
For details, see the Tomcat documentation at http://tomcat.apache.org/tomcat-6.0-doc/ssl-howto.html#SSL and Tomcat.
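The following Python check of the server.xml update described above is an added example, not part of the BMC or Tomcat documentation. It reports SSL connectors whose keystorePass is missing or still Tomcat's default (changeit), whose keystoreFile differs from the new keystore, or whose keystoreType does not match a .p12 file name; the function name, sample XML, and password value are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed server.xml fragment for illustration; not taken from the BMC page.
SAMPLE_SERVER_XML = """<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1" redirectPort="8443"/>
    <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
               scheme="https" secure="true"
               keystoreFile="conf/keystore.p12" keystorePass="changeit"/>
    <Connector port="9443" protocol="HTTP/1.1" SSLEnabled="true"
               scheme="https" secure="true" keystoreType="PKCS12"
               keystoreFile="conf/keystore.p12" keystorePass="Xk7-constructed"
               keyAlias="tomcat"/>
  </Service>
</Server>"""

TOMCAT_DEFAULT_PASS = "changeit"  # Tomcat's documented default keystorePass


def audit_ssl_connectors(server_xml, expected_keystore, expected_alias="tomcat"):
    """Return sorted (port, finding) tuples for each SSL-enabled Connector."""
    findings = []
    for conn in ET.fromstring(server_xml).iter("Connector"):
        if conn.get("SSLEnabled", "false").lower() != "true":
            continue  # plain HTTP connector, no keystore settings to check
        port = conn.get("port", "?")
        ks_file = conn.get("keystoreFile")
        if ks_file is None:
            findings.append((port, "keystoreFile unset: Tomcat uses .keystore in the user home"))
        elif ks_file.replace("\\", "/") != expected_keystore:
            findings.append((port, "keystoreFile points at " + ks_file))
        ks_pass = conn.get("keystorePass")
        if ks_pass is None or ks_pass == TOMCAT_DEFAULT_PASS:
            findings.append((port, "keystorePass is missing or still the default"))
        # Tomcat 6 assumes JKS when keystoreType is absent; confirm the real
        # store type with `keytool -list` before changing this attribute.
        ks_type = conn.get("keystoreType", "JKS").upper()
        if ks_file and ks_file.lower().endswith((".p12", ".pfx")) and ks_type != "PKCS12":
            findings.append((port, "keystoreType is " + ks_type + " for a .p12 file: verify"))
        alias = conn.get("keyAlias")
        if alias is not None and alias != expected_alias:
            findings.append((port, "keyAlias is " + alias))
    return sorted(findings)


if __name__ == "__main__":
    for port, finding in audit_ssl_connectors(SAMPLE_SERVER_XML, "conf/keystore.p12"):
        print(port, finding)
```

Because server.xml holds the keystore password in clear text, restrict read access on that file to the account that runs Tomcat.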
Locations of keystore and truststores
With the BMC Atrium Single Sign-On default installation, the keystore and truststores are in the following locations:
- Keystore: <installationDirectory>/tomcat/conf/keystore.p12
- Tomcat truststore: <installationDirectory>/tomcat/conf/cacerts.p12
- JVM truststore: <installationDirectory>/jvm/jre/lib/security/cacerts.p12
Example of creating a new keystore
The following is an example of how to create a new keystore:
C:\apache-tomcat-6.0.20>keytool -genkey -alias tomcat -keyalg RSA -keystore C:/apache-tomcat-6.0.20/keystore.p12
Enter keystore password:
What is your first and last name?
[Unknown]: sample.bmc.com
What is the name of your organizational unit?
[Unknown]: BMC Atrium SSO
What is the name of your organization?
[Unknown]: BMC Software, Inc.
What is the name of your City or Locality?
[Unknown]: Austin
What is the name of your State or Province?
[Unknown]: TX
What is the two-letter country code for this unit?
[Unknown]: US
Is CN=sample.bmc.com, OU=BMC Atrium SSO, O="BMC Software, Inc.", L=Austin, ST=TX, C=US correct?
[no]: yes
Enter key password for <tomcat>
(RETURN if same as keystore password):