User guide

ManualsBrandsMSI ManualsHome building and DecorSupero CSE-M35S

281

282

283

284

285

286

287

288

289

290

ManageEngine Firewall Analyzer :: User Guide

287

Zoho Corp.

(For example: keytool -genkey -alias tomcat -keyalg RSA -keystore

chap8.keystore)

2. You will be prompted to choose a password for your keystore. You will then be

prompted to enter your Organization information. When it asks for first and last

name, DO NOT mention your first and last name, but rather it is your Fully

Qualified Domain Name for the site you are securing say,

helpdesk.yourdomain.com. If you are ordering a Wildcard Certificate this must

begin with the * character say, *.yourdomain.com)

3. After you have completed the required information confirm that the information is

correct by entering 'y' or 'yes' when prompted. Next, you will be asked for your

password to confirm. Make sure to remember the password you choose. Your

keystore file named chap8.keystore is now created in your current working

directory.

Step 2: Generate a CSR from your new keystore

1. Next, you will use keytool to create the Certificate Signing Request (CSR) from

your Keystore. Enter the following command

keytool -certreq -alias <your_alias_name> or [Domain Name] -file

csr.txt -keystore chap8.keystore

(For example: keytool -certreq -alias tomcat -file csr.txt -keystore

chap8.keystore)

2. Type the keystore password that you chose earlier and hit Enter.

3. Your CSR file named csr.txt is now created in your current directory. Open the

CSR with a text editor, and copy and paste the text (including the BEGIN and

END tags) into the CA web order form. Be careful to save the keystore file

(chap8.keystore) as your certificates will be installed to it later.

Step 3: How to install your SSL Certificate

1. Download your Certificate files from the email from CA to the directory where

your keystore (chap8.keystore) was saved during the CSR creation process. The

certificate must be installed to this exact keystore. If you try to install it to a

different keystore it will not work. The certificates you downloaded must be

installed to your keystore in the correct order for your certificate to be trusted. If

the certificates are not installed in the correct order, then the certificate will not

authenticate properly.

2. Install the Root Certificate file:

o Each time you install a certificate to your keystore you will be prompted

for the keystore password, which you chose when generating your CSR.

o Type the following command to install the Root certificate file:

keytool -import -trustcacerts -alias root -file TrustedRoot.crt

-keystore chap8.keystore

NOTE: Choose 'Yes' if you get prompted with a message that says

"Certificate already exists in system-wide CA keystore under alias

<entrustsslca> Do you still want to add it to your own keystore?

[no]:" You will get a confirmation stating that the "Certificate was

added to keystore".