Using the keytool utility
You use the keytool utility to obtain a digitally signed identity certificate to replace the self-signed certificate. This utility is available with Oracle JDKs and BMC Atrium Atrium Single Sign-On.
The keytool utility must be available within the shell command environment to generate a certificate signing request (CSR) or to import a CA signed certificate.
The following topics are provided:
To verify that the keytool utility is available
- Open a shell command window.
- In the command prompt, invoke the keytool utility:
- (For Microsoft Windows) Type keytool.exe and press Enter.
(For UNIX) Type keytool and press Enter.
If the keytool utility is available, a help message is generated that shows the keytool options. The following help output is relevant to generating the CSR:
-certreq [-v] [-protected]
[-alias <alias>] [-sigalg <sigalg>]
[-file <csr_file>] [-keypass <keypass>]
[-keystore <keystore>] [-storepass <storepass>]
[-storetype <storetype>] [-providername <name>]
[-providerclass <provider_class_name> [-providerarg <arg>]] ...
[-providerpath <pathlist>]- Proceed with generating and importing CA certificates.
If the keytool utility is not available, proceed with setting up the environment.
Configuring the environment
Before you run the keytool utility, you must initialize the environment variable path with the location of the keytool.
Update the following path:
- For Windows:
<installationDirectory>\BMC Software\AtriumSSO\jdk/bin
Example
PATH=<installationDirectory>\BMC Software\AtriumSSO\jdk\bin;%PATH% - For UNIX:
<installationDirectory>/BMC Software/AtriumSSO/jdk/bin
Example
PATH=<installationDirectory>/BMC Software/AtriumSSO/jdk/bin:$PATH
Where to go from here