This document addresses only how to create a Java keystore which will contain an M.I.T. CA certificate. This is NOT a tutorial on Java keystores.

PREREQUISITES

Before you begin, you must have the following:


1. How to create a Server Trust Store.

You will need to obtain the MIT CA and the MIT Client CA certificates.

For the MIT CA certificate, go to http://ca.mit.edu/mitca.crt, then download and save the certificate.
For the MIT Client CA certificate, go to http://ca.mit.edu/mitClient.crt, then download and save the certificate.

To create the server trust store, use the following command lines:

    keytool -import -keystore serverTrustStore.jks -alias mitca -file mitca.crt
    keytool -import -keystore serverTrustStore.jks -alias mitclientca -file mitClient.crt

When prompted for a password, use a password that is well known to you.  Don't forget this password because you will need it when configuring an application to use this keystore.

Answer yes when prompted with "Trust this certificate? [no]:".

The serverTrustStore.jks should now contain only the mitca and mitclientca certificates.  You can verify this by using the following command line:

    keytool -list -keystore serverTrustStore.jks

And you should get something similar to:

    Your keystore contains 2 entry

    mitca, Sep 20, 2007, trustedCertEntry,
    Certificate fingerprint (MD5): F6:F0:04:3B:10:F9:5C:CE:0B:9E:0C:A0:DA:36:93:2A
    mitclientca, Aug 30, 2007, trustedCertEntry,
    Certificate fingerprint (MD5): CF:41:AB:E1:03:6D:F8:21:37:55:62:C1:EF:18:71:96
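
Both certificates are fetched over plain http://, so the download alone does not show that the file is the CA's. As an added example (not part of the original page), the script below computes the fingerprint in the form `keytool -list` prints and runs the import only when the SHA-256 value matches one obtained through a separate channel. `import_if_pinned`, the `KEYTOOL` override and the sample bytes are assumptions for illustration, and GNU coreutils (`md5sum`, `sha256sum`, `base64`) are assumed to be installed.

```shell
#!/bin/sh
# Added example, not from the original page. Assumes GNU coreutils.

# cert_fingerprint ALGO FILE   (ALGO: md5 | sha256)
# Prints the fingerprint of the first certificate in FILE (PEM or DER) in the
# colon-separated upper-case hex form that `keytool -list` displays.
cert_fingerprint() {
    fp_algo=$1 fp_file=$2
    case "$fp_algo" in
        md5|sha256) ;;
        *) echo "unsupported algorithm: $fp_algo" >&2; return 2 ;;
    esac
    [ -r "$fp_file" ] || { echo "cannot read $fp_file" >&2; return 2; }
    fp_der=$(mktemp) || return 2
    if grep -q -- '-----BEGIN CERTIFICATE-----' "$fp_file"; then
        # PEM: the fingerprint covers the decoded DER bytes, not the text file.
        awk '/-----BEGIN CERTIFICATE-----/{f=1;next}
             /-----END CERTIFICATE-----/{exit} f' "$fp_file" \
            | tr -d ' \t\r\n' | base64 -d > "$fp_der" \
            || { rm -f "$fp_der"; echo "bad PEM in $fp_file" >&2; return 2; }
    else
        cat "$fp_file" > "$fp_der"
    fi
    "${fp_algo}sum" < "$fp_der" | cut -d' ' -f1 | tr 'a-f' 'A-F' \
        | sed 's/../&:/g; s/:$//'
    rm -f "$fp_der"
}

# import_if_pinned ALIAS FILE EXPECTED_SHA256 [KEYSTORE]   (hypothetical helper)
# Runs the page's keytool -import only when FILE's SHA-256 fingerprint equals
# EXPECTED_SHA256, a value obtained over a channel other than the download.
# KEYTOOL is an assumed override for the keytool path.
import_if_pinned() {
    ip_actual=$(cert_fingerprint sha256 "$2") || return 2
    if [ "$ip_actual" != "$3" ]; then
        echo "fingerprint mismatch for $2: got $ip_actual" >&2
        return 1
    fi
    "${KEYTOOL:-keytool}" -import -keystore "${4:-serverTrustStore.jks}" \
        -alias "$1" -file "$2"
}

# Constructed stand-in input (the bytes "abc" wrapped as PEM, not a real cert).
demo=$(mktemp)
printf '%s\n' '-----BEGIN CERTIFICATE-----' 'YWJj' \
    '-----END CERTIFICATE-----' > "$demo"
cert_fingerprint md5 "$demo"   # -> 90:01:50:98:3C:D2:4F:B0:D6:96:3F:7D:28:E1:7F:72
rm -f "$demo"
# Real use: import_if_pinned mitca mitca.crt '<SHA-256 fingerprint from a trusted source>'
```

The `md5` mode exists only so the result can be compared with an MD5 listing such as the one above; pin on SHA-256, since MD5 is not collision resistant.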


1 Comment

  1. mitca.cer and mitClient are downloaded with a .crt extension, so the keytool commands should be:

        keytool -import -keystore serverTrustStore.jks -alias mitca -file mitca.crt
        keytool -import -keystore serverTrustStore.jks -alias mitclientca -file mitClient.crt