A Java keystore is needed to sign the jar file created by the GridShib-CA so that Java Web Start will give it the permissions it needs to function. These directions provide one method of creation the keystore. There are almost certainly others.
WARNING: A number of java applications echo passwords to the screen as they are typed, so be aware of this as you proceed and be wary of doing this process in a public place.
To use these directions, you will need the following.
Assuming you have your public and private keys in
You'll be asked for the password on your existing private key. Then you will be asked for an "Export Password" which is a new password you will create to protect the keystore. Don't use an existing password for the Export Password as you'll need to put this password into a file for the GridshibCA to use to sign the jar during the build process. By default this file is
If you have Sun's Java Development Kit (JDK) installed, you can create a key store containing a self-signed certificate by using the "keytool" program. You need to decide on a DN (distinguished name) for your certificate. For this example we will use the DN 'CN=mysite.org,O=My Site,L=Springfield,ST=Illinois,C=US'. Note that you will need to quote the DN string if any of the fields contain spaces, but do not add spaces before/after commas.
As before, you need to put the key store password into the appropriate location.