Creating keystores, truststores, and certificates for development

You can use the Java keytool to create keystores and certificates for development purposes. For more information about Java keytool, see keytool - Key and Certificate Management Tool.

About this task

The certificates that the Java keytool generates are self-signed and they should not be used in production deployments. You can use the following instructions to create the keystores, truststores, and certificates for Liberty, Solr, and ZooKeeper in a development environment. When you are deploying into production, you must use certificates that are provided by a trusted certificate authority.

For more information about the location of the required stores and certificates, see Keystores, truststores, and certificates for i2 Analyze.

Procedure

  1. Create a keystore and self-signed certificate.

    1. Open a command prompt and navigate to the Java bin directory on the server.
      For example, on the Liberty server: i2analyze\deploy\java\bin

    2. Create a keystore and certificate.

      For example, run the following command:

      keytool -genkeypair -alias "libertyKey" -keystore "C:\i2\i2analyze\i2-liberty-keystore.p12" -dname "CN=hostname" -keyalg RSA -storepass "password" -ext san=dns:hostname

      Important: Ensure that you provide values as follows:

      • Enter a unique alias.

      • Set the value of CN and san=dns to the hostname of the server.

      • Assign a secure password.

    3. Export the certificate from the keystore.

      For example, run the following command:

      keytool -exportcert -alias "libertyKey" -keystore "C:\i2\i2analyze\i2-liberty-keystore.p12" -file "C:\i2\i2analyze\i2-liberty-certificate.cer" -storepass "password"

When you are using self-signed certificates, you must add the certificates that you exported from your keystores to the required truststores.

  1. Create a truststore and import the specified certificate into the truststore.

    For example, run the following command:

    keytool -importcert -alias "solrKey" -file "C:\i2\i2analyze\i2-liberty-certificate.cer" -keystore "C:\i2\i2analyze\i2-liberty-truststore.p12" -storepass "password"

    Enter yes in response to the query, Trust this certificate?

    Important: Ensure that you enter values as follows:

    • Enter a unique alias.

    • Assign a secure password.

If the truststore already exists, the command adds the certificate to the existing truststore.