Create and configure the RSA key pair for the digital signature

Create an RSA key pair that the proxy can use to create the digital signature for signing changes to the encryption properties and configuration.

Before you begin

To generate and validate the digital signature, an RSA key pair must be generated and stored in a JCEKS Java KeyStore, and each proxy must be configured to use this key pair. You generate an encryption key pair by using the keytool command.
If the proxy was installed on a system with SELinux enabled (e.g. CentOS), you must enable loading of shared libraries from the proxy Java installation directory before you can use the keytool utility. To do this, run the following command as root.
chcon -R -t textrel_shlib_t proxy_install_dir/java/jre/lib

You must use the Java 1.8 version of the keytool utility. A copy of the utility can be found in <proxy install dir>/java/jre/bin/keytool.

About this task


  1. Change to the KeyStore directory in the proxy download directory.
  2. Change the default password.

    The default password is changeme.

    keytool -keystore keystore.jceks -storetype jceks -storepasswd -new <new password>
  3. Create an encryption key pair.
    Note: Do not enter a password for the key when the keytool utility prompts for one.

    Enter this command on a single line.

    keytool -genkeypair -alias <key alias> -keyalg rsa -keystore keystore.jceks 
    -storetype jceks -storepass <keystore password> -keysize 2048
  4. Update the encryption proxy property file (
    1. Change to the <installation directory>/conf/ directory.
    2. Open the file.
    3. Enter the properties for the digital signature.

      These properties must be the same for all proxies.

      Table 1. Digital signature properties
      Property                                            Description
      edgeencryption.proxy.signature.keystore.path        Path and Java KeyStore file name.
      edgeencryption.proxy.signature.keystore.password    Password. The default password is changeme. Change the password after installing the Java KeyStore.
      edgeencryption.proxy.signature.keystore.keyalias    The key alias given as the -alias argument when the RSA key pair was generated.
  5. Save and close the file.
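
A pre-deployment check for the three digital signature properties from step 4, added here as an example and not part of the product or its documentation: it parses each proxy's property file, flags missing values and the unchanged default password changeme, and flags any property that differs between proxies. The proxy names, paths, aliases and password in SAMPLE are constructed, and the parser assumes simple key=value lines without line continuations.

```python
import sys

PREFIX = "edgeencryption.proxy.signature.keystore."
REQUIRED = ("path", "password", "keyalias")
DEFAULT_PASSWORD = "changeme"  # default keystore password named in this procedure

# Constructed sample: two proxies that disagree on alias and password; proxy-a
# still has the default password. The paths, aliases and names are made up.
SAMPLE = {
    "proxy-a": f"{PREFIX}path=/opt/proxy/keystore/keystore.jceks\n"
               f"{PREFIX}password=changeme\n{PREFIX}keyalias=sigkey\n",
    "proxy-b": f"# signature settings\n{PREFIX}path = /opt/proxy/keystore/keystore.jceks\n"
               f"{PREFIX}password = Example-Not-Real\n{PREFIX}keyalias = sigkey2\n",
}

def parse_properties(text):
    """Parse simple Java .properties text (no line continuations) into a dict."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":  # blank line or comment
            continue
        # Java accepts '=' or ':' as separator; use whichever comes first.
        cut = min((i for i in (line.find("="), line.find(":")) if i != -1), default=-1)
        if cut != -1:
            props[line[:cut].strip()] = line[cut + 1:].strip()
    return props

def check_proxy(name, props):
    """Findings for one proxy: missing settings and the unchanged default password."""
    findings = [f"{name}: {PREFIX}{key} is missing or empty"
                for key in REQUIRED if not props.get(PREFIX + key)]
    if props.get(PREFIX + "password") == DEFAULT_PASSWORD:
        findings.append(f"{name}: keystore password is still the default")
    return findings

def check_fleet(files):
    """files maps proxy name -> property file text. Values are never echoed."""
    parsed = {name: parse_properties(text) for name, text in files.items()}
    findings = [f for name, props in parsed.items() for f in check_proxy(name, props)]
    for key in REQUIRED:  # the page requires identical values on every proxy
        if len({props.get(PREFIX + key) for props in parsed.values()}) > 1:
            findings.append(f"{PREFIX}{key} differs between proxies")
    return findings

if __name__ == "__main__":
    files = {p: open(p, encoding="utf-8").read() for p in sys.argv[1:]} or SAMPLE
    findings = check_fleet(files)  # lints the files given as arguments, else SAMPLE
    sys.exit("\n".join(findings) if findings else 0)  # non-zero exit on any finding
```

Findings name the property and the proxy but never print the configured values, so the output can go into a deployment log without exposing the keystore password.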