HP ProCurve NAC 800 User Manual page 456

System Administration
Creating and Replacing SSL Certificates
15-28
2. Remove the existing keystore by entering the following at the command
line:
rm -f /usr/local/nac/keystore/compliance.keystore
3. Enter the following at the command line:
keytool -genkey -keyalg RSA -alias <key_alias> -keystore
/usr/local/nac/keystore/compliance.keystore
Where:
<key_alias> is the name for the key within the keystore file
4. The keytool utility prompts you for the following information:
• Keystore password – Enter a password. You may want to use
changeit to be consistent with the default password of the J2SE
SDK keystore.
• First and Last Name – Enter the fully-qualified name of your server.
This fully-qualified name includes the host name and the domain
name. For testing purposes on a single machine, this will be local-
host.
• Organizational unit – Enter the appropriate value.
• Organization – Enter the name of your organization.
• City or locality – Enter the city or location.
• State or province – Enter the unabbreviated state or province.
• Two-letter country code – Enter a two-letter country code. The two-
letter country code for the United States is US.
5. Review the information you've entered so far, enter Yes if it is correct.
6. The keytool utility prompts you for the following information:
Key password for key_alias – Do not enter a password;press [Return]
to use the same password that was given for the keystore password.
7. For multiple server installations, update the end user screens as follows
(This will need to be run on each server restarting the appropriate server
upon completion.):
a. Export the newly created key by entering the following command on
the command line of the NAC 800 server:
keytool -export -file /tmp/cacerts -alias