XML Security Suite: Increasing the Security of E-Business

By Doug Tidwell
2005-05-18

Creating a certificate

Before you can create digital signatures, you need a certificate. Although you can get a certificate from a certificate authority, for the examples here, you'll act as your own CA. To create the X.509 certificate used in signature.xml, use the Java 2 keytool command:

Listing 1. keytool command



keytool -genkey -dname "CN=Doug Tidwell, OU=developerWorks, O=IBM, 

L=Research Triangle Park, S=North Carolina, C=US" -keypass openstds 

-storepass security -alias xss4j

In the keytool command, the distinguished name (dname) is composed of the common name (CN), organizational unit (OU), organization (O), location (L), state (S), and country (C). The distinguished name is designed to be unique across the Internet. The password for the key store (-storepass) is security, openstds is the password for the private key for this certificate (-keypass), and xss4j is the alias for this certificate (-alias).

Tutorial Pages:
» A brief overview of Web security
» Creating a secure session
» The XML Security Suite
» XML Signatures
» About the sample programs
» Creating a certificate
» Signing an internal XML resource
» Signing an external XML resource
» Signing a non-XML resource
» Verifying a digital signature
» The joys of nonrepudiability
» Canonical XML
» Element-level encryption
» Other utilities
» Summary
» Resources

First published by IBM DeveloperWorks

Related Tutorials:
» Starting with XML
» Performing Client-Side XSL Transformations
» Create a Google Sitemap for your Web Site
» XML and Scripting Languages
» Parsing Comma-Separated Values
» Servlets and XML: Made for Each Other