Directions

First, review this module$$s Resources section and explore the resources on how CAs are used to enable HTTPS in the real world for production use. Then generate a self$-$signed certificate for a secure communications environment. This work will prepare you for Project Two, in which you will use a self$-$signed certificate for HTTPS$.$

Specifically, you must address the following rubric criteria:

Certificate Authorities: Investigate and explain the role and value of the services provided by a CA$.$ Review this module$$s Resources section for more information on CAs. It is best to have a third$-$party vendor CA generate certificates for you, which requires costs for the domain. In this case, having a third$-$party vendor CA may cost too much, and you may not need it$.$ In this assignment, you$$ll generate self$-$signed certificates, which makes you the CA$.$ Often, developers act as the CA and generate certificates using free tools at the same time. It is common practice when you are developing. Specifically, discuss the following questions about the role and services provided by CAs:

Why would you want to use a CA for security?

What are the advantages of using a CA$?$

Certificate Generation: Use the Java Keytool to generate a self$-$signed certificate. No additional installation is needed if you have Java installed on your computer or through Eclipse. But you need to find your Java home location to find the keytool.exe. Note: You will generate certificates in Project Two and use the Java Keytool through Eclipse. If you have issues, verify that Java JDK is installed on your system.

Begin by copying the command below to access the keystone. You must copy this text exactly and paste it into the command line. Be certain to revise the text where the word password appears with a unique and secure password. This will be your password for the entire exercise. You may refer to Oracle$$s guidelines in the $$Keytool $$ Key and Certificate Management Tool$$ resource for additional guidance. This resource is linked in this module$$s Resources section.

keytool.exe $-$genkey $-$keyalg RSA $-$alias selfsigned $-$keypass password $-$keystore keystore.jks $-$storepass password $-$validity $360-$keysize $2048$

A command line screen with the following command entered: keytool.exe $-$genkey $-$ keyalg RSA $-$alias selfsigned $-$keypass changeme $-$keystore keystore.jks $-$ storepass changeme $-$validity $360-$keysize $2048.$

A series of questions with responses which are used to generate a $2,048-$bit RSA key pair and self$-$signed certificate follow.

Enter a secure password for the keystore, which is shown as password. You must copy this text exactly and paste it into the command line. Be sure to revise the text where the word password appears with a unique and secure password. This password will be used again shortly.

keytool.exe $-$export $-$alias selfsigned $-$storepass password $-$file server.cer $-$keystore keystore.jks

A command line screen with the following command entered: keytool.exe $-$export $-$alias selfsigned $-$storepass changeme $-$file server.cer $-$keystore keystore.jks The returned line states, 'Certificate stored in file $\text{'}$

Use a command to print out the CER file using the command line.

keytool.exe $-$printcert $-$file server.cer

To show that the certificate was effectively generated, submit a screenshot of the printout of the certificate information found in the server.cer file created in the previous step. An example is shown below:

A command line screen with the following command entered: keytool.exe $-$printcert $-$file server.cer

This command prints the server.cer file. The details of the CER file which was printed include Owner, Issuer, Serial number, Dates valid, Certificate fingerprints, Signature algorithm name, Subject public key algorithm, Version number, and Extensions.

Answer a series of questions with unique answers. You may use fictional information to fill in answers to the questions. You should submit a screenshot with the questions and answers to show that you have entered all the necessary field information as shown above.

Lastly, you will be prompted to enter the same password as before to access keystore and export the certificate to a CER file.