Version: 8.2405.x.x RR

Generating a certificate for token signing using nevisKeybox

The nevisAuth default configuration refers to a signer certificate that is generated as follows when using nevisKeybox:

# neviskeybox selfcert -slot nevis -label auth -subject \
'CN=svesauth1.company.com,OU=security,O=company,L=zurich,C=ch'

This command

  • creates a self-signed signer certificate with the given common name,
  • converts the private key to jks and pkcs8/der for use by the Java JCE provider, and
  • converts the public key to pem for use by the Java JCE provider.

Certificates may be viewed by issuing the following command:

# neviskeybox list

The signer's private key:

/var/opt/neviskeybox/nevisKeybox/nevis/auth_keystore.jks
/var/opt/neviskeybox/nevis/auth_pkcs8.der

The signer's public key (required by token verifiers):

/var/opt/neviskeybox/nevis/auth_truststore.jks
/var/opt/neviskeybox/nevis/auth_truststore.pem
/var/opt/neviskeybox/nevis/auth_certificate.der
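
A check that fits the file list above, added here as an example (it is not part of the Nevis documentation or of nevisKeybox): it uses OpenSSL to confirm that the private key in auth_pkcs8.der and the certificate in auth_certificate.der carry the same public key, and that the key file is not readable by group or other. The function names are hypothetical, and the script assumes the PKCS#8 file is not passphrase-protected.

```bash
# Added example (not from the Nevis documentation): confirm that the token
# signer's private key and the certificate given to verifiers match.
# Assumption: the PKCS#8 DER key file is not passphrase-protected.

# SHA-256 of the PEM public key read from stdin.
fp() { openssl dgst -sha256 -r | cut -d' ' -f1; }

# Fingerprint of the public key derived from a PKCS#8 DER private key.
key_fp() {
    local pub
    pub=$(openssl pkey -inform DER -in "$1" -passin pass: -pubout 2>/dev/null) || return 1
    printf '%s\n' "$pub" | fp
}

# Fingerprint of the public key embedded in a DER certificate.
cert_fp() {
    local pub
    pub=$(openssl x509 -inform DER -in "$1" -noout -pubkey 2>/dev/null) || return 1
    printf '%s\n' "$pub" | fp
}

# Returns 0 if key and certificate match and the key file is private,
# 1 on mismatch, 2 if a file cannot be parsed,
# 3 if group or other can read the private key.
check_signer() {
    local key=$1 cert=$2 k c
    k=$(key_fp "$key") && c=$(cert_fp "$cert") || {
        echo "cannot parse key or certificate" >&2; return 2; }
    [ "$k" = "$c" ] || { echo "MISMATCH key=$k cert=$c" >&2; return 1; }
    if [ -n "$(find "$key" \( -perm -040 -o -perm -004 \))" ]; then
        echo "private key readable by group/other: $key" >&2; return 3
    fi
    echo "OK signer public key sha256=$k"
}

# Usage with the paths listed on this page:
#   check_signer /var/opt/neviskeybox/nevis/auth_pkcs8.der \
#                /var/opt/neviskeybox/nevis/auth_certificate.der
```

The printed fingerprint can be compared with the one computed from the certificate on each token verifier to confirm that the verifier trusts the key actually in use.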