Installation guide
System Administration
Creating and Replacing SSL Certificates
Creating a New Self-signed Certificate
To generate a private keystore containing a new private key/public certificate
pair:
Command line window
1. Log in as root to the NAC 800 server via SSH.
2. Remove the existing keystore by entering the following at the command
line:
rm -f /usr/local/nac/keystore/compliance.keystore
3. Enter the following at the command line:
keytool -genkey -keyalg RSA -alias <key_alias> -keystore /usr/local/nac/keystore/compliance.keystore
Where:
<key_alias> is the name for the key within the keystore file
4. The keytool utility prompts you for the following information:
• Keystore password – Enter a password. You may want to use
changeit to be consistent with the default password of the J2SE
SDK keystore.
• First and Last Name – Enter the fully-qualified name of your server.
This fully-qualified name includes the host name and the domain
name. For testing purposes on a single machine, this will be
localhost.
• Organizational unit – Enter the appropriate value.
• Organization – Enter the name of your organization.
• City or locality – Enter the city or location.
• State or province – Enter the unabbreviated state or province.
• Two-letter country code – Enter a two-letter country code. The
two-letter country code for the United States is US.
5. Review the information you've entered so far. Enter Yes if it is correct.
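
The prompts in step 4 map one-to-one onto the attributes of an X.500 distinguished name, so the same key pair can be generated without prompts through keytool's -dname option and then inspected with keytool -list. The script below is an added example, not part of the original guide. It writes to a scratch path instead of /usr/local/nac/keystore, and the host name, alias, password, the -keysize 2048 setting and the :env password modifier (which needs a keytool release that supports it) are assumptions of this example.

```shell
#!/bin/sh
# Added example: non-interactive form of the keytool prompts, written to a scratch path.

# Escape backslashes and commas; keytool treats an unescaped comma as a DN separator.
dn_escape() { printf '%s' "$1" | sed 's/[\\,]/\\&/g'; }

# "First and Last Name" must be the server FQDN (host + domain) or localhost.
valid_cn() {
    case "$1" in
        localhost) return 0 ;;
        *[!A-Za-z0-9.-]*|.*|*.|*..*) return 1 ;;
        *.*) return 0 ;;
        *) return 1 ;;
    esac
}

# Country must be exactly two letters, for example US.
valid_country() {
    case "$1" in [A-Za-z][A-Za-z]) return 0 ;; *) return 1 ;; esac
}

# Map the six prompts to one X.500 name. Args: CN OU O L ST C
build_dname() {
    valid_cn "$1" || { echo "CN must be an FQDN or localhost" >&2; return 1; }
    valid_country "$6" || { echo "country code must be two letters" >&2; return 1; }
    printf 'CN=%s, OU=%s, O=%s, L=%s, ST=%s, C=%s' "$(dn_escape "$1")" \
        "$(dn_escape "$2")" "$(dn_escape "$3")" "$(dn_escape "$4")" \
        "$(dn_escape "$5")" "$(dn_escape "$6")"
}

# Args: keystore-path alias dname. The password is read from $KS_PASS so it does
# not appear in the process list; the 2048-bit key size is this example's choice.
generate_keystore() {
    command -v keytool >/dev/null 2>&1 || { echo "keytool not found" >&2; return 127; }
    keytool -genkey -keyalg RSA -keysize 2048 -alias "$2" -dname "$3" \
        -keystore "$1" -storepass:env KS_PASS -keypass:env KS_PASS &&
    keytool -list -v -alias "$2" -keystore "$1" -storepass:env KS_PASS
}

# Demo with constructed values; run as: sh script.sh --demo
if [ "${1:-}" = "--demo" ]; then
    KS_PASS='constructed-demo-passphrase'; export KS_PASS
    dname=$(build_dname nac800.example.com "IT Security" "Example, Inc." Anytown California US) || exit 1
    generate_keystore "$(mktemp -d)/scratch.keystore" demo_alias "$dname"
fi
```

In the keytool -list -v output, the Owner line should match the name built from the prompts, and the alias should be reported as a private key entry.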