Agents Administration - Tests
 

Creating a Keystore

Creating a keystore requires keytool, a key and certificate management utility. It allows users to administer their own public/private key pairs and associated certificates for use in self-authentication (where the user authenticates himself/herself to other users/services) or in data integrity and authentication services that use digital signatures. It also allows users to cache the public keys (in the form of certificates) of their communicating peers.

A certificate is a digitally signed statement from one entity (person, company, etc.), saying that the public key (and some other information) of some other entity has a particular value. (See Certificates.) When data is digitally signed, the signature can be verified to check the data integrity and authenticity. Integrity means that the data has not been modified or tampered with, and authenticity means the data indeed comes from whoever claims to have created and signed it.

The keytool also enables users to administer secret keys used in symmetric encryption/decryption (e.g. DES). The keytool stores the keys and certificates in a keystore.

For example, if you wish to create a keystore with the name WindowsAzureKeyStore.jks, then you have to run the keytool utility from the command prompt of the target Microsoft Azure. By default, the keytool utility will be available in the <eG_Agent_Install_Directory>\java\jre7\bin folder. Follow the steps given below to create a keystore using the keytool utility:

  1. From the command prompt of the eG agent install directory, execute the keytool utility using the following command:

    <eG_Agent_Install_Directory>\java\jre7\bin>keytool -genkeypair -alias mydomain -keyalg RSA -keystore WindowsAzureKeyStore.jks -keysize 2048 -storepass "test123"

  2. Once you have executed this command, you will be requested to provide your personal details as explained below:

    What is your first and last name?
    [Unknown]: Sam Jose
    What is the name of your organizational unit?
    [Unknown]: IT
    What is the name of your organization?
    [Unknown]: eG Innovations
    What is the name of your City or Locality?
    [Unknown]: Chennai
    What is the name of your State or Province?
    [Unknown]: Tamil Nadu
    What is the two-letter country code for this unit?
    [Unknown]: IN

  3. Once you have entered all the personal details, you will be prompted to verify that the given details are correct.

    Is CN=Sam Jose, OU=IT, O=eG Innovations, L=Chennai, ST=Tamil Nadu, C=IN correct?
    [no]: yes

  4. Once you have confirmed your personal details, you will be prompted to provide the password for the key stored under the alias mydomain.

    Enter key password for <mydomain>
    (Return if password is same as keystore password):

The keystore is now created successfully and can be used to create a Management Certificate.

Creating a Management Certificate

To export or create a Management Certificate, use the keytool command once again. For example, to create a certificate named WindowsAzureSMAPI.cer in a location of your choice, say D:\, execute the following command from the command prompt of the eG agent install directory:

<eG_Agent_Install_Directory>\java\jre7\bin>keytool -v -export -file D:\WindowsAzureSMAPI.cer -keystore WindowsAzureKeyStore.jks -alias mydomain

Once this command is executed, you will be prompted to provide the keystore password.

Enter keystore password: ********

The certificate file will be created and stored as D:\WindowsAzureSMAPI.cer.
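
Before the exported file is used as a Management Certificate, it is worth confirming that it is the certificate of the mydomain entry and that it carries only the public key. The PowerShell script below is an added example, not part of the eG documentation; it assumes keytool is on the PATH (otherwise call it by its full path under java\jre7\bin), that it is run from the folder holding WindowsAzureKeyStore.jks, and that the file names are the ones used in the steps above.

```powershell
# Added example: verify the exported certificate against the keystore entry.
# Assumptions: keytool is on PATH; file names are those used in the steps above.
$keystore = 'WindowsAzureKeyStore.jks'
$alias    = 'mydomain'
$cerPath  = 'D:\WindowsAzureSMAPI.cer'

# Prompt for the keystore password instead of hard-coding it in the script.
$secure    = Read-Host -AsSecureString "Keystore password for $keystore"
$storePass = (New-Object System.Net.NetworkCredential('', $secure)).Password

# "keytool -list -v" prints the entry type and a line "SHA1: AA:BB:..." for the alias.
$listing = & keytool -list -v -keystore $keystore -alias $alias -storepass $storePass
if ($LASTEXITCODE -ne 0) { throw 'keytool -list failed (wrong password, alias or keystore path?)' }
if (-not ($listing -match 'PrivateKeyEntry')) { throw "Alias '$alias' is not a key pair entry" }

# A SHA-1 fingerprint is 20 bytes: 40 hex digits plus 19 colons = 59 characters.
$sha1Line = $listing | Where-Object { $_ -match '^\s*SHA1:\s*[0-9A-Fa-f:]{59}\s*$' } |
            Select-Object -First 1
if (-not $sha1Line) { throw 'No SHA1 fingerprint found in keytool output' }
$storeThumb = (($sha1Line -replace '^\s*SHA1:\s*', '').Trim() -replace ':', '').ToUpper()

# Load the exported .cer with .NET and inspect it independently of keytool.
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $cerPath
$rsa  = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPublicKey($cert)
$now  = Get-Date

$checks = [ordered]@{
    'Exported file matches keystore entry' = ($cert.Thumbprint -eq $storeThumb)
    'File holds no private key'            = (-not $cert.HasPrivateKey)
    'RSA key is at least 2048 bits'        = ($rsa -and ($rsa.KeySize -ge 2048))
    'Certificate is currently valid'       = (($cert.NotBefore -le $now) -and ($cert.NotAfter -gt $now))
}
$checks.GetEnumerator() | ForEach-Object {
    '{0,-40} {1}' -f $_.Key, $(if ($_.Value) { 'OK' } else { 'FAIL' })
}

# keytool issues certificates valid for 90 days unless -validity is given,
# so report the expiry date of the certificate that was just exported.
$daysLeft = [math]::Floor(($cert.NotAfter - $now).TotalDays)
'Subject : {0}' -f $cert.Subject
'Expires : {0:u} ({1} days left)' -f $cert.NotAfter, $daysLeft

if ($checks.Values -contains $false) { throw 'Certificate verification failed' }
```

The script passes the password to keytool as a command-line argument, as the commands above do, so it is visible to other processes of the same user while keytool runs.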