Generating the Java Keystore

Java keystores provide a convenient mechanism for storing and deploying X.509 certificates and private keys. Use keystores with Secure Sockets Layer (SSL) to have the ESP Server store and read the key. Use keystores to encrypt passwords for external servers and applications (like databases) to avoid storing passwords as clear text in configuration file. Also use keystores for RSA authentication because it stores user certificates.

To create a private key, use the keystore tool located in the $JAVA_HOME/bin directory. You are required to use these private keys when calling Event Stream Processor utilities. For instance, esp_cluster_admin requires a self-signed private key.
Note: Steps 2 to 9 use sample values. The values you enter may vary.
  1. From the command line, run the following script to generate a self-signed key:
    keytool -genkey -alias username -keyalg RSA -keysize 1024 -keystore filename.jks
    Note: The user name and keystore filename required in the command are variable.
    Press Return.
  2. Enter a new keystore password.
    Enter keystore password: testpass
    Note: The password does not appear as you type for security reasons.
    Press Return.
  3. Re-enter the new keystore password.
    Re-enter new password: testpass
    Note: The password does not appear as you type for security reasons.
    Press Return.
  4. Enter your first and last name.
    What is your first and last name?
  [Unknown]:  john smith
    Press Return.
  5. Enter the name of your organizational unit.
    What is the name of your organizational unit?
  [Unknown]:  business
    Press Return.
  6. Enter the name of your organization.
    What is the name of your organization?
  [Unknown]:  company name
    Press Return.
  7. Enter the name of your city or locality.
    What is the name of your City or Locality?
  [Unknown]:  new york
    Press Return.
  8. Enter the name of your state or province.
    What is the name of your State or Province?
  [Unknown]:  new york
    Press Return.
  9. Enter your two-letter country code.
    What is the two-letter country code for this unit?
  [Unknown]:  us
    Press Return.
  10. Enter yes or y to verify that your information is correct.
    Is CN=john doe, OU=business, O=company name, L=new york, ST=new york, C=us correct?
  [no]:  y
    Press Return.
  11. Enter your key password for <ceptest> and press Return. If the key password and keystore password are the same, simply hit Return to provide the necessary value.
    Enter key password for <ceptest>
        <RETURN if same as keystore password>:
    Note: The password does not appear as you type for security reasons.
    Your new keystore file is created.
Parent topic: Configuring Security
Related concepts
Authentication
Access Control
Secure Sockets Layer (SSL) Connections
Password Encryption on Configuration Files
Related tasks
Generating Pem Format Private Keys