Creating a client key pair and certificate

Follow these steps to create a client key pair and a client certificate. Choose a password for the key store.

Suppose you choose the password secretClientPassword.

On the client system, issue the following command to create the client's public/private key pair.

You will be prompted to enter the password plus some identifying information (your input is marked bold):

    keytool -genkey -alias MyClientName -keystore ~/vault/ClientKeyStore
    Enter keystore password: secretClientPassword
    What is your first and last name?
      [Unknown]: MyFirstName MyLastName
    What is the name of your organizational unit?
      [Unknown]: Proofreading Department
    What is the name of your organization?
      [Unknown]: Name of my bookstore
    What is the name of your City or Locality?
      [Unknown]: New York
    What is the name of your State or Province?
      [Unknown]: NY
    What is the two-letter country code for this unit?
      [Unknown]: US
    Is CN=MyFirstName MyLastName, OU=Proofreading Department, O=Name of my bookstore, L=New York, ST=NY, C=US correct?
      [no]: yes
    Enter key password for <MyClientName>
      (RETURN if same as keystore password):

Next, create a certificate for this client. Enter the command all on one line:

    keytool -export -alias MyClientName \
      -keystore ~/vault/ClientKeyStore -rfc -file ClientCertificate \
      -storepass secretClientPassword

This command creates a file called ClientCertificate. Later, you will import this file into the server's trust store.
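
The same two steps without interactive prompts, as an added example that is not part of the original page: it uses -genkeypair and -exportcert (the current names for -genkey and -export), sets the key algorithm explicitly, and reads the password from an environment variable instead of passing it with -storepass on the command line. CLIENT_STOREPASS, the function names and the "create" argument are assumptions; the alias, paths and distinguished name are the page's sample values.

```shell
#!/bin/sh
# Added example, not from the original page. Assumes a JDK 7+ keytool on PATH.
# CLIENT_STOREPASS is a hypothetical variable name; export it before running.

# Create the key pair and export the certificate without prompts.
# -storepass:env reads the password from the environment, so it does not
# appear in the process argument list or in shell history.
create_client_cert() {
    ks=$1; out=$2
    keytool -genkeypair -alias MyClientName -keyalg RSA -keysize 2048 \
        -dname "CN=MyFirstName MyLastName, OU=Proofreading Department, O=Name of my bookstore, L=New York, ST=NY, C=US" \
        -keystore "$ks" \
        -storepass:env CLIENT_STOREPASS -keypass:env CLIENT_STOREPASS &&
    chmod 600 "$ks" &&
    keytool -exportcert -alias MyClientName -keystore "$ks" -rfc \
        -file "$out" -storepass:env CLIENT_STOREPASS
}

# Return 0 only if the file is exactly one PEM certificate and contains no
# private key block, i.e. it is safe to hand to the server administrator.
cert_is_shareable() {
    f=$1
    [ -r "$f" ] || return 1
    if grep -q -- '-----BEGIN .*PRIVATE KEY-----' "$f"; then return 1; fi
    begins=$(grep -c -- '^-----BEGIN CERTIFICATE-----' "$f" || true)
    ends=$(grep -c -- '^-----END CERTIFICATE-----' "$f" || true)
    [ "$begins" -eq 1 ] && [ "$ends" -eq 1 ]
}

# Run the whole procedure only when invoked as: sh script.sh create
# The final keytool -printcert prints the certificate fingerprints so they
# can be confirmed out of band before the server imports the file.
if [ "${1:-}" = "create" ]; then
    create_client_cert "$HOME/vault/ClientKeyStore" ClientCertificate &&
    cert_is_shareable ClientCertificate &&
    keytool -printcert -file ClientCertificate
fi
```

The ~/vault directory must already exist, as in the original commands.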