Using An Ssl Certificate From A Known Certificate Authority (Ca) - HP 800 User Manual

System Administration
Creating and Replacing SSL Certificates
15-28
<CA_alias> is an alias unique to your cacerts file and preferably identifies
the CA to which it pertains
<ca_root_cert_file> is the file containing the CA's root certificate
8. keytool prompts for the password for the cacerts file, which should be
the default: changeit.
9. If you are prompted, enter yes to trust the certificate.
Using an SSL Certificate from a known Certificate
Authority (CA)
To generate a Certificate Signing Request (CSR) to be submitted to a Certifi-
cate Authority (CA), first create a new self-signed certificate following the
instructions in the previous section, then continue as follows:
1. Log in as root to the NAC 800 server via SSH.
2. Enter the following at the command line:
keytool -certreq -alias
usr/local/nac/keystore/compliance.keystore
Where:
<key_alias> is the name for the key within the keystore file
<csr_filename> is the name of the file to store the certificate request
3. keytool prompted for the password for the <keystore_filename> file,
which is the password used when the keystore was created.
4. Submit the CSR (see "Copying Files" on page 1-20) to your chosen CA
(such as Thawte or Verisign) along with anything else they might require:
http://www.verisign.com/
http://www.thawte.com/
5. If you are using a non-traditional CA (such as your own private Certificate
Authority/Public Key Infrastructure (CA/PKI), or if you are using a less
well-known CA, you will need to import the CA's root certificates into the
java cacerts file by entering the following command on the command line
of the NAC 800 server:
<key_alias>
-keyalg RSA -file
<csr_filename>
-keystore /