In this section: |
This section describes how to generate the keypair and generate the certificate signing request.
Note: In this section, iWay Software is used as an example for demonstration purposes. You must use the appropriate information that corresponds to your company or organization.
Use the following command to generate the key pair:
D:\certificate>keytool -genkey -v -alias iwaysoftware -validity 365 -keyalg RSA -keypass iwaysoft -keystore iway.jks -storepass iwaysoft
What is your first and last name?
[Unknown]: www.iwaysoft.com
What is the name of your organizational unit?
[Unknown]: iwaysoft
What is the name of your organization?
[Unknown]: iwaysoft
What is the name of your City or Locality?
[Unknown]: New York
What is the name of your State or Province?
[Unknown]: New York
What is the two-letter country code for this unit?
[Unknown]: US
Is CN=www.iwaysoft.com, OU=iwaysoft, O=iwaysoft, L=New York, ST=New York, C=US correct?
[no]: yes
Use the following command to generate the certificate signing request:
D:\certificate>keytool -certreq -alias iwaysoftware -file iwaysoft -keystore iway.jks -storepass iwaysoft
You must purchase the commercial certificate from VeriSign or a similar Certificate Authority (CA).
The following is a link to the VeriSign website that you can use:
http://www.verisign.com/ssl/buy-ssl-certificates/index.html
Note: For a list of approved Certificate Authorities, it is recommended that you check with Salesforce.
Once you receive the commercial certificate in the mail with the signed certificate, use the following command to import the root certificate:
D:\certificate>keytool -import -trustcacerts -alias verisign_root_ca -file verisign_trial_root.cer -keystore iway.jks -storepass iwaysoft
When prompted regarding trust, enter Yes. Then import the intermediate certificate using the following command:
D:\certificate>keytool -import -trustcacerts -alias verisign_intermediate_ca -file verisign_trial_intermediate_ca.cer -keystore iway.jks -storepass iwaysoft
Copy the signed certificate from the mail and paste it into a new empty file that has a .CER extension. Use the following command to ensure that the alias is the same as the one that is used during the key generation:
D:\certificate>keytool -import -alias iwaysoftware -file iwaysoft.cer -keystore iway.jks -storepass iwaysoft
iWay Software |