Date: Thu, 23 Jan 1997 15:29:36 -0800
Message-Id: <199701232329.PAA16060@puffin.eng.sun.com>
From: Marianne Mueller <mrm@eng.sun.com>
To: watson@CEBAF.GOV
Subject: Re: certificates for javakey
Check out "Using Javakey" at
http://java.sun.com/security/usingJavakey.html
The steps are
1. create a signing identity, say for "cebaf.gov"
% javakey -cs cebaf.gov true
2. generate a keypair for that identity
% javakey -gk cebaf.gov DSA 512 cebaf_pub cebaf_priv
The last two arguments are optional. If you provide them,
the public key is stored in cebaf_pub and the private
key in cebaf_priv, *in addition* to being stored in your
identitydb.obj database.
See http://java.sun.com/security/policy.html for some
policy recommendations on creating and sharing keys
and certificates, in our current setup.
3. generate a certificate for that identity
% javakey -gc cert_directive
See http://java.sun.com/security/cert_directive.txt for
an example of a certificate directive file you can
copy and modify for generating your own certificate.
We don't support cert chaining right now so we don't have a way
for you to use your cert to sign someone else's cert ... this is
a recognized need.
Please do let us know how you'd like to use these facilities.
Marianne
JavaSoft engineering, security