HP 800 User Manual page 434

System Administration
Creating and Replacing SSL Certificates
15-26
2. Remove the existing keystore by entering the following at the command
line:
rm -f /usr/local/nac/keystore/compliance.keystore
3. Enter the following at the command line:
keytool -genkey -keyalg RSA -alias <key_alias> -keystore
/usr/local/nac/keystore/compliance.keystore
Where:
<key_alias> is the name for the key within the keystore file
4. The keytool utility prompts you for the following information:
• Keystore password – Enter a password. You may want to use
changeit to be consistent with the default password of the J2SE
SDK keystore.
• First and Last Name – Enter the fully-qualified name of your server.
This fully-qualified name includes the host name and the domain
name. For testing purposes on a single machine, this will be local-
host.
• Organizational unit – Enter the appropriate value.
• Organization – Enter the name of your organization.
• City or locality – Enter the city or location.
• State or province – Enter the unabbreviated state or province.
• Two-letter country code – Enter a two-letter country code. The two-
letter country code for the United States is US.
5. Review the information you've entered so far, enter Yes if it is correct.
6. The keytool utility prompts you for the following information:
Key password for key_alias – Do not enter a password; press [Return]
to use the same password that was given for the keystore password.
7. Import the CA's root certificates into the java cacerts file by entering the
following command on the command line of the NAC 800 server:
keytool -import -alias <CA_alias> -file <ca_root_cert_file>
-keystore /usr/local/java/jre/lib/security/cacerts
Where: