Generating a Private-Public Key Pair for Amy

This section provides a tutorial example on how to generate a private-public key pair for amy@xyz.com using the JDK 'keytool' command.

Now let's use amy@xyz.com as an example to see how I can issue a Class 1 personal certificate to her.

Step 1 - Amy needs to use a tool to generate a private-public key pair. I will ask her to use the JDK 'keytool' command do this.

Assuming Amy has JDK 1.6 installed, she can run the 'keytool' command shown below:

>keytool -genkey -alias amy@xyz.com -keystore amy.jks 
   -storepass AmyJKS

What is your first and last name?
  [Unknown]:  amy@xyz.com
What is the name of your organizational unit?
  [Unknown]:
What is the name of your organization?
  [Unknown]:
What is the name of your City or Locality?
  [Unknown]:
What is the name of your State or Province?
  [Unknown]:
What is the two-letter country code for this unit?
  [Unknown]:
Is CN=amy@xyz.com, OU=Unknown, O=Unknown, L=Unknown, ST=Unknown, 
  C=Unknown correct?
  [no]:  yes

Enter key password for <amy@xyz.com>
        (RETURN if same as keystore password): <Return>

Done. Amy has her private-public key pair generated and stored in a KeyStore file called amy.jks.

Last update: 2011.

Table of Contents

 About This Book

 Introduction of PKI (Public Key Infrastructure)

 Introduction of HTTPS (Hypertext Transfer Protocol Secure)

 Using HTTPS with IE (Internet Explorer) 10

 Using HTTPS with Chrome 40

 Using HTTPS with Firefox 35

 Perl Scripts Communicating with HTTPS Servers

 PHP Scripts Communicating with HTTPS Servers

 Java Programs Communicating with HTTPS Servers

 Certificate Stores and Certificate Console

 .NET Programs Communicating with HTTPS Servers

 CAcert.org - Root CA Offering Free Certificates

PKI CA Administration - Issuing Certificates

 Root CA and Intermediate CA

 Requesting and Signing Personal Certificate

Generating a Private-Public Key Pair for Amy

 Generating a CSR (Certificate Signing Request)

 Verifying Requester's Email Address

 Exporting a Private Key from a KeyStore File

 Signing a CSR into a Certificate

 Importing Certificate Reply Back to KeyStore

 "bad decrypt:./crypto/evp/evp_enc.c:461" Error

 Requesting and Signing Server Certificate

 Digital Signature - Microsoft Word 2007

 Digital Signature - OpenOffice.org 3

 S/MIME and Email Security

 PKI (Public Key Infrastructure) Terminology

 Outdated Tutorials

 References

 PDF Printing Version