Key Store Management

In this section:

This section describes how to generate the keypair and generate the certificate signing request.

Note: In this section, iWay Software is used as an example for demonstration purposes. You must use the appropriate information that corresponds to your company or organization.


Top of page

x
Generating the Key Pair

Use the following command to generate the key pair:

D:\certificate>keytool -genkey -v -alias iwaysoftware -validity 365 
-keyalg RSA -keypass iwaysoft -keystore iway.jks -storepass iwaysoft 
What is your first and last name?
   [Unknown]:  www.iwaysoft.com 
What is the name of your organizational unit?
   [Unknown]:  iwaysoft 
What is the name of your organization?
   [Unknown]:  iwaysoft 
What is the name of your City or Locality?
   [Unknown]:  New York 
What is the name of your State or Province?
   [Unknown]:  New York 
What is the two-letter country code for this unit?
   [Unknown]:  US 
Is CN=www.iwaysoft.com, OU=iwaysoft, O=iwaysoft, L=New York, ST=New York, C=US correct?
   [no]:  yes 

Top of page

x
Generating the Certificate Signing Request

Use the following command to generate the certificate signing request:

D:\certificate>keytool -certreq -alias iwaysoftware -file iwaysoft 
-keystore iway.jks -storepass iwaysoft 

Top of page

x
Purchasing the Commercial Certificate From VeriSign or a Similar Certificate Authority

You must purchase the commercial certificate from VeriSign or a similar Certificate Authority (CA).

The following is a link to the VeriSign Web site that you can use:

http://www.verisign.com/ssl/buy-ssl-certificates/index.html

Note: For a list of approved Certificate Authorities, it is recommended that you check with Salesforce.


Top of page

x
Importing the Root Certificate and Intermediate Certificate

Once you receive the commercial certificate in the mail with the signed certificate, use the following command to import the root certificate:

D:\certificate>keytool -import -trustcacerts -alias verisign_root_ca 
-file verisign_trial_root.cer -keystore iway.jks -storepass iwaysoft 

When prompted regarding trust, enter Yes. Then import the intermediate certificate using the following command:

D:\certificate>keytool -import -trustcacerts -alias  
verisign_intermediate_ca -file verisign_trial_intermediate_ca.cer 
-keystore iway.jks -storepass iwaysoft 

Top of page

x
Importing the Signed Certificate

Copy the signed certificate from the mail and paste it into a new empty file that has a .CER extension. Use the following command to ensure that the alias is the same as the one that is used during the key generation:

D:\certificate>keytool -import -alias iwaysoftware -file iwaysoft.cer 
-keystore iway.jks -storepass iwaysoft 

iWay Software