Using An Ssl Certificate From A Known Certificate Authority (Ca) - Novell ZENWORKS NETWORK ACCESS CONTROL 5.0 - 09-22-2008 User Manual

4 The keytool utility prompts you for the following information:
Keystore password — Enter a password. You may want to use changeit to be
consistent with the default password of the J2SE SDK keystore.
First and Last Name — Enter the fully-qualified name of your server. This fully-
qualified name includes the host name and the domain name. For testing purposes on a
single machine, this will be localhost.
Organizational unit — Enter the appropriate value.
Organization — Enter the name of your organization.
City or locality — Enter the city or location.
State or province — Enter the unabbreviated state or province.
Two-letter country code — Enter a two-letter country code. The two-letter country code
for the United States is US.
5 Review the information you've entered so far, enter Yes if it is correct.
6 The keytool utility prompts you for the following information:
Key password for key_alias — Do not enter a password; press [Return] to use the same
password that was given for the keystore password.
7 Import the CA's root certificates into the java cacerts file by entering the following command
on the command line of the Novell ZENworks Network Access Control server:
keytool -import -alias <CA_alias> -file <ca_root_cert_file> -keystore /usr/
local/nac/keystore/cacerts
Where:
<CA_alias> is an alias unique to your cacerts file and preferably identifies the CA to which it
pertains
<ca_root_cert_file> is the file containing the CA's root certificate
8 keytool prompts for the password for the cacerts file, which should be the default:
changeit.
9 If you are prompted, enter yes to trust the certificate.
16.16.2 Using an SSL Certificate from a known Certificate
Authority (CA)
To generate a Certificate Signing Request (CSR) to be submitted to a Certificate
Authority (CA), first create a new self-signed certificate following the instructions in
the previous section, then continue as follows:
1 Log in as root to the Novell ZENworks Network Access Control server via SSH or directly
using a keyboard.
2 Enter the following at the command line:
keytool -certreq -alias <key_alias> -keyalg RSA -file <csr_filename> -keystore /usr/
local/nac/keystore/compliance.keystore
Where:
<key_alias> is the name for the key within the keystore file
<csr_filename> is the name of the file to store the certificate request
System Administration 369