PKI Tutorials - Herong's Tutorial Examples - Version 2.10, by Dr. Herong Yang
Generating a Private-Public Key Pair for Amy
This section provides a tutorial example on how to generate a private-public key pair for amy@xyz.com using the JDK 'keytool' command.
Now let's use amy@xyz.com as an example to see how I can issue a Class 1 personal certificate to her.
Step 1 - Amy needs to use a tool to generate a private-public key pair. I will ask her to use the JDK 'keytool' command do this.
Assuming Amy has JDK installed, she can run the 'keytool' command shown below:
>keytool -genkey -alias amy@xyz.com -keystore amy.jks -storepass AmyJKS What is your first and last name? [Unknown]: amy@xyz.com What is the name of your organizational unit? [Unknown]: What is the name of your organization? [Unknown]: What is the name of your City or Locality? [Unknown]: What is the name of your State or Province? [Unknown]: What is the two-letter country code for this unit? [Unknown]: Is CN=amy@xyz.com, OU=Unknown, O=Unknown, L=Unknown, ST=Unknown, C=Unknown correct? [no]: yes Enter key password for <amy@xyz.com> (RETURN if same as keystore password): <Return>
Done. Amy has her private-public key pair generated and stored in a KeyStore file called amy.jks.
Last update: 2011.
Table of Contents
Introduction of PKI (Public Key Infrastructure)
Introduction of HTTPS (Hypertext Transfer Protocol Secure)
Using HTTPS with Google Chrome
Using HTTPS with Mozilla Firefox
HTTPS with IE (Internet Explorer)
Perl Scripts Communicating with HTTPS Servers
PHP Scripts Communicating with HTTPS Servers
Java Programs Communicating with HTTPS Servers
Windows Certificate Stores and Console
.NET Programs Communicating with HTTPS Servers
CAcert.org - Root CA Offering Free Certificates
►PKI CA Administration - Issuing Certificates
Requesting and Signing Personal Certificate
►Generating a Private-Public Key Pair for Amy
Generating a CSR (Certificate Signing Request)
Verifying Requester's Email Address
Exporting a Private Key from a KeyStore File
Signing a CSR into a Certificate
Importing Certificate Reply Back to KeyStore
"bad decrypt:./crypto/evp/evp_enc.c:461" Error
Requesting and Signing Server Certificate
Comodo Free Personal Certificate
Digital Signature - Microsoft Word
Digital Signature - OpenOffice.org 3