Using an SSL Certificate from a Known Certificate Authority (CA) - HP 800 User Manual

Network access controller

6. The keytool utility prompts you for the following information:
Key password for key_alias – Do not enter a password; press [Return] to use the same password that was given for the keystore password.
Using an SSL Certificate from a known Certificate Authority (CA)
To generate a Certificate Signing Request (CSR) to be submitted to a Certificate Authority (CA):
1. Log in as root to the NAC 800 server via SSH.
2. Enter the following at the command line:
keytool -certreq -alias <key_alias> -keyalg RSA -file <csr_filename> -keystore /usr/local/nac/keystore/compliance.keystore
Where:
<key_alias> is the name for the key within the keystore file
<csr_filename> is the name of the file to store the certificate request
3. keytool prompts you for the password for the <keystore_filename> file, which is the password used when the keystore was created.
4. Submit the CSR (see "Copying Files" on page 1-20) to your chosen CA (such as Thawte or Verisign) along with anything else they might require:
http://www.verisign.com/
http://www.thawte.com/
5. If you are using a non-traditional CA (such as your own private Certificate Authority/Public Key Infrastructure (CA/PKI)), or if you are using a less well-known CA, you will need to import the CA's root certificate(s) into the Java cacerts file by entering the following command on the command line of the NAC 800 server:
keytool -import -alias <CA_alias> -file <ca_root_cert_file> -keystore /usr/local/java/jre/lib/security/cacerts
Where:
<CA_alias> is an alias unique to your cacerts file and preferably identifies
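
Step 5 adds a trust anchor to the Java cacerts file, so the root certificate should be checked against a fingerprint obtained from the CA out of band before it is imported. The following added example (not part of the HP manual) is a shell wrapper that performs that check and then runs the manual's import command unchanged; the function names, the KEYTOOL override and the use of a SHA-256 fingerprint are assumptions of this example.

```shell
#!/bin/sh
# Added example: pin a CA root by fingerprint before trusting it in cacerts.
CACERTS=/usr/local/java/jre/lib/security/cacerts   # path from the manual
KEYTOOL=${KEYTOOL:-keytool}                        # assumption: override for dry runs

# Normalise a fingerprint: drop colons and spaces, lower-case the hex digits.
normalize_fp() {
    printf '%s' "$1" | tr -d ': \n' | tr 'A-F' 'a-f'
}

# Print the SHA-256 of the DER bytes of the first certificate in a PEM file.
cert_sha256() {
    b64=$(awk '/-----BEGIN CERTIFICATE-----/{f=1;next}
               /-----END CERTIFICATE-----/{exit} f' "$1" | tr -d ' \r\n')
    [ -n "$b64" ] || return 2            # no PEM certificate block found
    printf '%s' "$b64" | base64 -d | sha256sum | cut -d' ' -f1
}

# import_ca_if_pinned <CA_alias> <ca_root_cert_file> <expected_sha256>
# Returns 0 after a successful import, 1 on mismatch, 2 if no certificate.
import_ca_if_pinned() {
    actual=$(cert_sha256 "$2") || { echo "no certificate in $2" >&2; return 2; }
    expected=$(normalize_fp "$3")
    if [ "$actual" != "$expected" ]; then
        echo "REFUSING import: fingerprint mismatch for $2" >&2
        echo "  expected $expected" >&2
        echo "  actual   $actual" >&2
        return 1
    fi
    # Same command as step 5; keytool still asks for the keystore password.
    "$KEYTOOL" -import -alias "$1" -file "$2" -keystore "$CACERTS"
}

# Usage (placeholders as in the manual):
#   import_ca_if_pinned <CA_alias> <ca_root_cert_file> '<fingerprint from the CA>'
```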


This manual is also suitable for:

ProCurve NAC 800