Issue
- Create custom certificates or certification authorities (CAs) for ESET Remote Administrator (ERA).
Solution
Prerequisites
- Verify Java is installed. Keytool, included in Java, allows you to create and store certificates.
Enter the commands shown below to create a new certificate:
- Open a Command Prompt as the administrator (or root on Linux systems) and navigate to the folder where keytool is located:
C:\Program Files (x86)\Java\jre1.8.0_40\bin
(The directory depends on the OS and JRE version.)
- Generate a key pair (a public key and associated private key) which will be used as the Certification Authority (CA):
Linux
keytool -genkeypair -v -alias aliasName -keystore [Common Name].jks -keyalg RSA -keysize 2048 -ext KeyUsage:critical="keyCertSign" -ext BasicConstraints:critical="ca:true" -validity 3650
Windows
keytool -genkeypair -v -alias "aliasName" -keystore [Common Name].jks -keyalg RSA -keysize 2048 -ext KeyUsage:critical="keyCertSign" -ext BasicConstraints:critical="ca:true" -validity 3650
- Export the CA from the keystore:
Linux
keytool -exportcert -alias "aliasName" -file aliasName.der -keystore [Common Name].jks
Windows
keytool -export -alias "aliasName" -file aliasName.der -keystore [Common Name].jks
- Generate a key pair for the certificate:
Linux
keytool -genkeypair -v -alias "aliasName" -keystore [Common Name].jks -keyalg RSA -keysize 2048 -storepass "yourPassword" -keypass "yourPassword"
Windows
keytool -genkeypair -v -alias "aliasName" -keystore [Common Name].jks -keyalg RSA -keysize 2048 -storepass "yourPassword" -keypass "yourPassword"
- Create a certificate request (.csr file) for the certificate:
Linux
keytool -certreq -keystore [Common Name].jks -storepass "yourPassword" -alias "aliasName" -file file.csr
Windows
keytool -certreq -keystore [Common Name].jks -storepass "yourPassword" -alias "aliasName" -file file.csr
- Create a certificate with the certificate request:
Linux
keytool -gencert -keystore [Common Name].jks -storepass "yourPassword" -alias "aliasName" -infile file.csr -outfile output.cer
Windows
keytool -gencert -keystore [Common Name].jks -storepass "yourPassword" -alias "aliasName" -infile file.csr -outfile output.cer
- Create a .pfx file from [Common Name].jks:
Linux
keytool -importkeystore -v -srcalias aliasName -srckeystore [Common Name].jks -srcstorepass yourPassword -srcstoretype JKS -destkeystore aliasName.pfx -destkeypass yourPassword -deststorepass yourPassword -deststoretype PKCS12 -destalias aliasName
Windows
keytool -importkeystore -v -srcalias "aliasName" -srckeystore [Common Name].jks -srcstorepass yourPassword -srcstoretype JKS -destkeystore aliasName.pfx -destkeypass yourPassword -deststorepass yourPassword -deststoretype PKCS12 -destalias "aliasName"
For more information about keytool, visit the Oracle webpage.
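
To confirm that the exported CA certificate carries the extensions requested by the -ext options in the CA key-pair step, the following added example (not part of the original article or of ESET's tooling) checks the text printed by keytool -printcert. The sample output, the names in it and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit `keytool -printcert` text for the CA properties
# requested by the -ext options when the CA key pair was generated.

# Constructed, trimmed sample output; all names are placeholders.
SAMPLE_CA='Owner: CN=Example ERA CA
Issuer: CN=Example ERA CA
Extensions:

#1: ObjectId: 2.5.29.19 Criticality=true
BasicConstraints:[
  CA:true
  PathLen:2147483647
]

#2: ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
  Key_CertSign
]'
SAMPLE_LEAF='Owner: CN=era-agent.example.test
Issuer: CN=Example ERA CA
Extensions:

#1: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
]'

# Print the section of one extension (selected by OID) from text on stdin.
ext_block() {
    awk -v oid="$1" '/^#[0-9]+: ObjectId: /{ keep = ($3 == oid) } keep'
}

# Print the value of the first "Name: value" header line in the text.
field() { printf '%s\n' "$2" | sed -n "s/^$1: //p" | head -n 1; }

# Succeed only if BasicConstraints is critical with CA:true and
# KeyUsage includes certificate signing.
check_ca() {
    bc=$(printf '%s\n' "$1" | ext_block 2.5.29.19)
    ku=$(printf '%s\n' "$1" | ext_block 2.5.29.15)
    case $bc in *Criticality=true*CA:true*) ;; *) echo "not a critical CA"; return 1 ;; esac
    case $ku in *Key_CertSign*) ;; *) echo "KeyUsage lacks keyCertSign"; return 1 ;; esac
    echo ok
}

# Name chaining only: leaf Issuer equals CA Owner (no signature check).
issued_by() { [ "$(field Issuer "$1")" = "$(field Owner "$2")" ]; }

# Usage with real output: check_ca "$(keytool -printcert -file aliasName.der)"
```

A failed check on the exported aliasName.der means the CA key pair was generated without the KeyUsage or BasicConstraints extensions and should be regenerated before any certificates are issued from it.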