- Download, install (unpack zip, etc.), read the README.txt. I did nothing with the km.setup file, but did edit the km.bat as instructed. Turns out that, since I'm on cygwin, that wasn't needed; instead, I execute the km program. Click on the "New" icon to create a new "token" (i.e. repository for keys, certs, etc.):
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgoi3cccQr60BUP7jhA0Tso66sOCXoj9r1xNO02Ol71zFyEJeKnHGWJuTiYYXpCG4KfL-2LzHnvyYyj-iUETADroZFeeUgF_Vgc7YmjijsAB6FJbCaCaeIXB7jegUXRl3E_Q-ZvlZ_YaA/s320/moz-screenshot-76.jpg)
- Choose the PKCS#12 Token from the next dialog, and hit the checkmark ("Complete Dialog") to proceed:
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgAXRrWZgBpGZdKngR7380tATtTns3kWM_1GrSv6Yf1Pa-Zc5vhw-oc6rsG8qseC8TrcHI6oiWmZP1oAstMa97qwdUwpU1zvrJrmLFbpuZleSxz6vc7OLoU6AzwtuA5Q48T3ez5E1dZPA/s320/moz-screenshot-77.jpg)
- Next, you need to store a key and a certificate in this token. Select "Actions -> Generate Key" from the token management window that appears:
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi6XDeiYtHT6Ptmd_IM8w2_KbygWrxcoIROXmjPqe1knvc-d50MAMaeAjAqQy3zH2_3e8FSdUSxU3Vzdc98956awIq4ZvZ2bo9axXV-4q6-k-eR5dCs_bkD_HVsFFBTbhGVJB5WABX1TQ/s320/moz-screenshot-78.jpg)
- The default algorithm is RSA-1024; that's strong enough for my needs. Click the Complete Dialog checkmark...this takes a second to complete, offering a cool little progress bar while you wait. The new key shows up in the All Certificate Items viewport of the token management window; now we need a certificate to go with it. Click "Actions -> Create Certificate...". Self-signed is good enough for my needs. Click checkmark and fill in the fields as needed (only "Your name" is required):
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjvDGCsuK3Whos-Shlx3-xn5KBujHPFoaaBvPsBJ8R5-RtWxnTeVYooI4jb2K60IUsELBZDRL5kbhBjB8X-8z6a1prMaQN8IahzftQu2AKP-Fcet_ekvgIMpgQ0lSs9K2HuNa_9i0HYdQ/s320/moz-screenshot-81.jpg)
- A verification appears when you check "Complete Dialog" here, with the option to label this certificate. Enter a label if you wish, and again move on with the checkmark:
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEicgj2H9Nf7uHIb7B6ECkyGoB6-_brrbkw1WV31UhDRPNKODhIYAlv8GIOuhV93eRHXeQ3P94O35LmTQ03FUeZ9O2bs4hPB7lzjYaadwnchRLwrQLae_bYVb_t_RLTGxQfQZG595lYAMA/s320/moz-screenshot-82.jpg)
- Save the token to a file by selecting File -> Save. This first prompts you for a passphrase, then a file location.
Next, I'll see about using that keystore for my Jetty SSL setup. Meanwhile, here are some useful links around KeyMan, SSL and Jetty's SSL instructions:
Solaris Keytool: http://java.sun.com/j2se/1.4.2/docs/tooldocs/solaris/keytool.html
Windows Keytool: http://java.sun.com/j2se/1.4.2/docs/tooldocs/windows/keytool.html
KeyMan: http://www.alphaworks.ibm.com/tech/keyman
OpenSSL: http://www.openssl.org/docs/HOWTO/
OpenSSL FAQ: http://www.openssl.org/support/faq.html
Jetty SSL: http://docs.codehaus.org/display/JETTY/How+to+configure+SSL
Hi there very cool ωeb&X73;ite!!
ReplyDeleteΜan .. Excellent .. Wo&X6e;derful .. I will bookmark
your web site a&X6E;d tаke the feeԁs als&X6F;?
Ӏ am glаd to seek outt numеrоus us&X65;ful in&X66;ormatiоn
right here in thee poѕt, we neеd develop
more stra&X74;egies on this regard, thanκ you foг sharing.
. . . . .
L&X6F;oκ at my web sіte ... what is
a vps ()