На хосте с OES SM генерируем пару:
$ /usr/java/jdk1.6.0_37/bin/keytool -genkey -alias noteshi -keyalg RSA -keypass ignore -storepass ignore -keystore /tmp/enrollment.jks
What is your first and last name?
[susenin]: susenin
What is the name of your organizational unit?
[***]: ***
What is the name of your organization?
[***]: ***
What is the name of your City or Locality?
[***]: ***
What is the name of your State or Province?
[***]: ***
What is the two-letter country code for this unit?
[***]:
Is CN=susenin, OU=***, O=***, L=***, ST=***, C=*** correct?
[no]: y
Экспортируем сертификат:
$ /usr/java/jdk1.6.0_37/bin/keytool -export -alias noteshi -storepass ignore -file /tmp/myca.cer -keystore /tmp/enrollment.jks
Certificate stored in file </tmp/myca.cer>
Копируем /tmp/myca.cer на хост с OES-сервером. При необходимости – удаляем существующий алиас от старого сертификата:
/usr/java/jdk1.6.0_37/bin/keytool -delete -alias noteshi -keystore /usr/java/jdk1.6.0_37/jre/lib/security/cacerts -storepass changeit
Импортируем:
/usr/java/jdk1.6.0_37/bin/keytool -storepass changeit -keystore /usr/java/jdk1.6.0_37/jre/lib/security/cacerts -import -trustcacerts -alias noteshi -file /tmp/myca.cer
Заново энроллим клиента
P.S. Листинг содержимого:
$ /usr/java/jdk1.6.0_37/bin/keytool -list -v -keystore enrollment.jks
Enter keystore password:
Keystore type: JKS
Keystore provider: SUN
Your keystore contains 1 entry
Alias name: noteshi
Creation date: Jun 26, 2014
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=susenin, OU=***, O=***, L=***, ST=***, C=***
http://docs.oracle.com/cd/E19798-01/821-1841/gjrgy/index.html
