shibboleth-dev - extkeytool / IdP guide suggestion
Subject: Shibboleth Developers
List archive
- From: David Champion <>
- To:
- Subject: extkeytool / IdP guide suggestion
- Date: Wed, 10 Aug 2005 21:30:53 -0500
Here's an RFE, but I'm not sure whether it ought to be filed under
software or documentation.
Extkeytool won't create a new Java keystore -- it requires that your
named keystore already exist. This is important if you're creating a
new, independent keystore for signing bilateral trust metadata, for
example.
Looking over the 1.3 IdP checklist, in the section on extkeytool (IdP
Deployment Guide > Configuration > PKI & Credentials; infocreds.html), I
notice that all the scenarios assume that you already have a keystore.
I think it would be helpful for those users unfamiliar with Java and/or
JSSE to give some basics on creating a new JKS.
For my purposes, it was sufficient to do
keytool -genkey -keystore mykeystore.jks
I accepted the default for all the prompts, generating a key for a very
unknown organization. But as a side effect I get a new keystore I can
use with extkeytool.
You might find that some different approach suits the needs of the
community better -- or, alternatively, extkeytool could be extended to
create a nonexistent keystore.
--
-D.
NSIT University of Chicago
- extkeytool / IdP guide suggestion, David Champion, 08/10/2005
- RE: extkeytool / IdP guide suggestion, Scott Cantor, 08/11/2005
- Re: extkeytool / IdP guide suggestion, 'David Champion', 08/11/2005
- Re: extkeytool / IdP guide suggestion, Walter Hoehn, 08/11/2005
- Re: extkeytool / IdP guide suggestion, 'David Champion', 08/11/2005
- RE: extkeytool / IdP guide suggestion, Scott Cantor, 08/11/2005
Archive powered by MHonArc 2.6.16.