Generating a Self-Signed Certificate for the GUI

To establish secure communications between the GUI and the Sterling External Authentication Server, you must create a key certificate on the computer where the GUI is running.

To create a self-signed key certificate at the GUI:

  1. On the computer where the GUI is running, type the following command and press Enter:
    keytool -genkey -alias alias_name -keyalg alg_type -keysize keysize -validity validity_in_days -keystore keystore_path -storepass password

    The following example illustrates how to create a key certificate:

    $ keytool -genkey -alias SEASGUIkeycert -keyalg RSA -keysize 1024 -validity 360 -keystore c:\keystore\mykeystore -storepass password

    The following examples illustrate creating a key certificate using the -dname option to control the attributes that define the subject distinguished name:

    $ keytool -genkey -alias SEASGUIkeycert -keyalg RSA -keysize 1024 -validity 360 -keystore c:\keystore\mykeystore -storepass password -dname "CN=SEASGUI, DC=companyname, DC=com"

    $ keytool -genkey -alias SEASGUIkeycert -keyalg RSA -keysize 1024 -validity 360 -keystore c:\keystore\mykeystore -storepass password -dname "C=US, O=companyname, CN=SEASGUI"
  2. If you do not use the -dname option to define the CN attribute, provide the following:
    • First and last name
    Note: The information you provide in the First and last name field is used to create the CN attribute in the subject DN.
    • Organizational unit
    • Organization
    • City or locality
    • State or Province (use UPPER CASE characters)
    • Two-letter country code (use UPPER CASE characters)
  3. Verify the information you provided and press Enter.
  4. At the prompt to provide a password, do not provide a password. Press Enter.
    CAUTION:
    The key certificate and keystore passwords must be the same for Sterling External Authentication Server to function properly.
  5. Do one of the following:
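
To check the key certificate that step 1 produced, the following added example (not part of the product documentation) audits the text printed by keytool -list -v for the alias. It assumes the listing layout of recent JDK keytool versions; the function names, the 2048-bit RSA floor and the sample listing are constructed for this example.

```shell
#!/bin/sh
# Added example: audit the text printed by `keytool -list -v` for the GUI key certificate.
# Real use (keytool prompts for the keystore password):
#   keytool -list -v -alias SEASGUIkeycert -keystore c:\keystore\mykeystore | audit_keycert

MIN_RSA_BITS=2048   # assumed policy floor for this example, not a value from the page

# Constructed sample: shape of the listing for the page's first -dname command.
sample_listing() {
cat <<'EOF'
Alias name: seasguikeycert
Creation date: Jan 1, 2024
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=SEASGUI, DC=companyname, DC=com
Issuer: CN=SEASGUI, DC=companyname, DC=com
Serial number: 1a2b3c4d
Valid from: Mon Jan 01 00:00:00 UTC 2024 until: Thu Dec 26 00:00:00 UTC 2024
Signature algorithm name: SHA256withRSA
Subject Public Key Algorithm: 1024-bit RSA key
Version: 3
EOF
}

# Print the value of the first line that starts with "<label>: ".
field() { printf '%s\n' "$2" | sed -n "s/^$1: //p" | head -n 1; }

audit_keycert() {
    out=$(cat)
    owner=$(field 'Owner' "$out")
    issuer=$(field 'Issuer' "$out")
    entry=$(field 'Entry type' "$out")
    sig=$(field 'Signature algorithm name' "$out")
    bits=$(field 'Subject Public Key Algorithm' "$out" | sed -n 's/^\([0-9][0-9]*\)-bit RSA key.*/\1/p')
    findings=""
    [ "$entry" = "PrivateKeyEntry" ] || findings="$findings no-private-key"
    { [ -n "$owner" ] && [ "$owner" = "$issuer" ]; } || findings="$findings not-self-signed"
    # keytool writes CN=Unknown when the "first and last name" prompt is left empty
    case "$owner" in *CN=Unknown*) findings="$findings cn-not-set" ;; *CN=*) ;; *) findings="$findings cn-not-set" ;; esac
    case "$sig" in MD5*|SHA1*) findings="$findings weak-signature-$sig" ;; esac
    if [ -z "$bits" ]; then findings="$findings rsa-size-unknown"
    elif [ "$bits" -lt "$MIN_RSA_BITS" ]; then findings="$findings weak-rsa-$bits"; fi
    [ -z "$findings" ] && { echo "OK"; return 0; }
    echo "FINDINGS:$findings"; return 1
}
```

The function exits non-zero when it reports findings, so it can gate a provisioning script; a listing without the key-size line is reported as rsa-size-unknown rather than passed.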