System Administration
Creating and Replacing SSL Certificates
Creating a New Self-signed Certificate
To generate a private keystore containing a new private key/public certificate pair:
Command line window
1. Log in as root to the NAC 800 server via SSH.
2. Remove the existing keystore by entering the following at the command line:
   rm -f /usr/local/nac/keystore/compliance.keystore
3. Enter the following at the command line:
   keytool -genkey -keyalg RSA -alias <key_alias> -keystore /usr/local/nac/keystore/compliance.keystore
   Where:
   <key_alias> is the name for the key within the keystore file.
4. The keytool utility prompts you for the following information:
   • Keystore password – Enter a password. You may want to use changeit to be consistent with the default password of the J2SE SDK keystore.
   • First and Last Name – Enter the fully-qualified name of your server. This fully-qualified name includes the host name and the domain name. For testing purposes on a single machine, this will be localhost.
   • Organizational unit – Enter the appropriate value.
   • Organization – Enter the name of your organization.
   • City or locality – Enter the city or location.
   • State or province – Enter the unabbreviated state or province.
   • Two-letter country code – Enter a two-letter country code. The two-letter country code for the United States is US.
5. Review the information you've entered so far. If it is correct, enter Yes.
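
The same keystore can be generated without the identity prompts by passing the step 4 answers to keytool as a distinguished name with -dname. The script below is an added example, not part of the NAC 800 documentation; the alias, host name and organization values are constructed samples, and build_dname, dn_escape and generate_keystore are hypothetical helper names.

```shell
#!/bin/sh
# Added example, not from the NAC 800 manual. Sample values are constructed.
KEYSTORE=/usr/local/nac/keystore/compliance.keystore   # path from the page

# Escape commas so a value such as "Example, Inc." stays one DN component.
dn_escape() {
    printf '%s' "$1" | sed 's/,/\\,/g'
}

# build_dname CN OU O L ST C -> prints the -dname string, in prompt order.
build_dname() {
    [ "$#" -eq 6 ] || { echo "usage: build_dname CN OU O L ST C" >&2; return 2; }
    case "$6" in
        [A-Za-z][A-Za-z]) ;;
        *) echo "country code must be two letters: $6" >&2; return 1 ;;
    esac
    # The prompt says "First and Last Name", but the value must be the
    # server name; a space suggests a person's name was entered instead.
    case "$1" in
        ""|*" "*) echo "CN must be the server's fully-qualified name" >&2; return 1 ;;
    esac
    printf 'CN=%s, OU=%s, O=%s, L=%s, ST=%s, C=%s\n' \
        "$(dn_escape "$1")" "$(dn_escape "$2")" "$(dn_escape "$3")" \
        "$(dn_escape "$4")" "$(dn_escape "$5")" "$6"
}

# generate_keystore ALIAS DNAME: steps 2 and 3, then a listing to review.
# keytool still prompts for the passwords, so no password is stored in the
# script or visible in the process list.
generate_keystore() {
    rm -f "$KEYSTORE"
    keytool -genkey -keyalg RSA -alias "$1" -dname "$2" -keystore "$KEYSTORE" &&
    keytool -list -v -alias "$1" -keystore "$KEYSTORE"
}

# Only touches the keystore when called as: sh <script> generate
if [ "${1:-}" = "generate" ]; then
    dname=$(build_dname "nac800.example.com" "IT Security" "Example, Inc." \
            "Roseville" "California" "US") || exit 1
    generate_keystore "nac800" "$dname"
fi
```

The keytool -list -v output shows the Owner line and validity dates for review. keytool issues a 90-day certificate by default; -validity <days> changes that.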