How to Create a Certificate

Coordinator
Jun 24, 2008 at 7:04 PM
Edited Mar 13, 2009 at 8:24 PM
This was posted on the first page so I moved it here:

Howdy,

Is there any documentation about how to create a cert?

Thanks,

Colin S. Brown

HealthVault uses public/private key infrastructure to verify the application.  It does not validate the public key certificate chain so there is no need to obtain keys from a trusted CA.

The HealthVault Java SDK uses the JSSE keystore to obtain the application's private key.  The keystore file is loaded from the classpath and is shipped with the name "/keystore".  The following entries in hv-application configure its use:

keystore.filename=/keystore
keystore.keyname=java-wildcat
keystore.password=password

The JDK ships with a tool to create and manage keys within this store: keytool

http://java.sun.com/javase/6/docs/technotes/tools/windows/keytool.html

The instructions for how to generate a public/private key pair are described in the documentation for the com.microsoft.hsg.DefaultPrivateKeyStore class:

keytool -genkeypair -keyalg RSA -keysize 1024 -keystore keystore -alias java-wildcat -validity 9999

This creates a file named "keystore" if it doesn't already exist and the generated keys are placed within.  The password for the keystore and the key must be the same.  You may choose other values for the keystore name and the key alias, but they must correspond to configuration values in hv-application.properties.

The public key certificate must then be exported from the keystore and sent to the partner team.  To export the key:

keytool -export -alias java-wildcat -keystore keystore > my-pub.cer

Send the my-pub.cer file to us and we’ll take care of the rest.


Nov 3, 2008 at 5:24 PM
Edited Nov 3, 2008 at 5:25 PM
Please note the command line for keytool needs to be updated; the default behavior of the tool is to generate a certificate which expires in 90 days. You can use the following to have the certificate valid for 9999 (which starting now might be ~ 2038).

keytool -genkey -keyalg RSA -keysize 1024 -keystore keystore -alias java-wildcat -validity 9999

More details about how HealthVault deals with expiring certs can be found in this post.
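
A check for the two requirements raised in this thread (one password for both the keystore and the key, and a validity longer than keytool's 90-day default), written as an added example that is not part of the original posts or of the HealthVault SDK. The class name KeystoreCheck and the command-line argument order are assumptions; the defaults are the file name, alias and password quoted above.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.Key;
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPublicKey;
import java.time.Instant;
import java.time.temporal.ChronoUnit;

// Added example (hypothetical class name); not part of the HealthVault SDK.
public class KeystoreCheck {
    public static void main(String[] args) throws Exception {
        // Defaults are the values quoted in the thread; the argument order is an assumption.
        String file = args.length > 0 ? args[0] : "keystore";
        String alias = args.length > 1 ? args[1] : "java-wildcat";
        char[] password = (args.length > 2 ? args[2] : "password").toCharArray();

        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(file)) {
            ks.load(in, password); // IOException here: wrong store password or corrupt file
        }
        if (!ks.isKeyEntry(alias)) {
            throw new IllegalStateException("No private key entry under alias '" + alias + "'");
        }
        // Store and key passwords must match, so the store password must also
        // recover the key; UnrecoverableKeyException here means they differ.
        Key key = ks.getKey(alias, password);
        X509Certificate cert = (X509Certificate) ks.getCertificate(alias);
        cert.checkValidity(); // throws if the certificate is expired or not yet valid

        long daysLeft = ChronoUnit.DAYS.between(Instant.now(), cert.getNotAfter().toInstant());
        System.out.println("Private key : " + key.getAlgorithm());
        System.out.println("Expires     : " + cert.getNotAfter() + " (" + daysLeft + " days left)");
        if (daysLeft <= 90) {
            // 90 days is keytool's default when -validity is omitted.
            System.out.println("WARNING: short validity; was the key generated without -validity?");
        }
        if (cert.getPublicKey() instanceof RSAPublicKey) {
            int bits = ((RSAPublicKey) cert.getPublicKey()).getModulus().bitLength();
            System.out.println("RSA modulus : " + bits + " bits"
                    + (bits < 2048 ? " (below the 2048-bit minimum in current NIST guidance)" : ""));
        }
    }
}
```

Run it from the directory that holds the keystore before exporting and sending the certificate, so an expiry or password mismatch shows up locally first.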