Generating Key Store and Trust Store using Keytool
What is a Keytool?
What is a Keystore?
In PeopleTools 8.49 keytool is located in PS_HOME/jre/bin
Generating public/private key pair using keytool
keytool -genkey -alias hrms -keyalg RSA -keystore pskey.keystore -storetype JKS
hrms – it is alias name, any name can be entered to identify the server or instance
pskey.keystore – name of the keystore
The keypair that is generated has both public and private key combination. If we want to share out public key with other sites for authentication and communication purposes we need to export the public key from the keystore and share it. Other party needs to import this public key in their keystore.
Exporting public key from keypair
keytool -export -alias hrms -keystore pskey.keystore -rfc -file pshrms.cert
Enter keystore password:
Public key is exported in a form of certificate file which can be shared with another party. While exporting public key, password for keystore is required that was created in previous command.
This is also a self signed certificate. Ideally one should a signed certificate from a CA eg. Verisign, Geo Trust etc.
What is a TrustStore?
An entry should only be added to a truststore if the user makes a decision to trust that entity. By either generating a keypair or by importing a certificate, the user has given trust to that entry, and thus any entry in the keystore is considered a trusted entry.
Creating TrustStore and importing public key
keytool -import -alias hrms -file pshrms.cert -storetype JKS -keystore hrms.truststore
Using the above command, you can also import public certificates from other sites.
To view contents of a cert in keystore
keytool -printcert -file pshrms.cert
Read more about keystore, PKI and public key at these links: