Java User’s Guide
12.5 Create a Java Security Environment Step by Step
112
s
wm_java_usersguide_v12
Page 110 of 123
2008-02-25
Confidential / Released
12.5
Create a Java Security Environment Step by Step
12.5.1
Create Key Store
The key store contains the key pairs for signing data. For producing the key store with keys the
tool “keytool.exe” can be used. The program is in the Java SDK. (for a description see
http://
java.sun.com/j2se/1.3/docs/tooldocs/solaris/keytool.html
).
Example:
If you want to re-use the key store created in
Section 12.1.1
you have to use the alias and pass-
words used there.
12.5.2
Export X.509 Root Certificate
For exporting the x.509 root certificate use “keytool.exe”. The program is in the Java SDK. (for
description see
http://java.sun.com/j2se/1.3/docs/tooldocs/solaris/keytool.html
)
12.5.3
Create Java Security Commands
For producing the java security commands the tool “jseccmd.jar” can be used. This program is
in the folder “wkt\bin”.
Command for inserting the Customer Root Certificate
- In consequence of the command
Java security mode: ON (untrusted domain OFF)
HTTPS certificate verification: OFF
MES state: ON
Command for removing the Customer Root Certificate
- In consequence of the command all switches are reset
Java security mode: OFF (untrusted domain OFF)
HTTPS certificate verification: OFF
MES state: ON
keytool -genkey -alias keyname -keypass keypassword -keystore customer.ks
-storepass keystorepassword -sigalg SHA1withRSA -keyalg RSA
keytool -export -v -keystore customer.ks -storepass keystorepassword
-alias keyname > certificate.der
java -jar jseccmd.jar -cmd SetRootCert
-certfile certificate.der
-imei 012345678901234 -alias keyname
-storepass keystorepassword -keypass keypassword
-keystore customer.ks > SetRootCert.bin
java -jar jseccmd.jar -cmd DelRootCert
-imei 012345678901234 -alias keyname
-storepass keystorepassword -keypass keypassword
-keystore customer.ks > DelRootCert.bin