The KeyTool command-line program enables you to create a Rational® Certificate Store (RCS) file that contains digital certificates for use with tests.

A Rational Certificate Store (RCS) file is a compressed archive file that contains one or more PKCS#12 certificates. You can also use the KeyTool program to remove certificates from a certificate store.
About this task
Rational Performance Tester acts as a proxy between the browser and the server application to record the data exchange. When a secured page is recorded using Rational Performance Tester, the proxy certificate of the product is presented to the browser.
Procedure
- In the command line tool, navigate to the directory that contains the Keytool utility. By default, the utility is located at C:\Program Files\IBM\SDP\jdk\jre\bin.
- Type the following command on a single line:

    keytool.exe -genkeypair -alias certificateName -keystore keystoreName -storepass password -validity 365 -keyalg RSA -keysize 2048 -storetype pkcs12

  For additional information about the parameters for certificate generation, review the official keytool documentation.
| Option | Description |
| --- | --- |
| -genkeypair | Generates a public and private key pair. |
| -alias | Alias for your certificate in the key store. You may never use it, but every new certificate in your key store must have its own alias. |
| -keystore | Name of the key store file, which is generated as the result of the command. It holds your certificate and the corresponding private key. You can reuse this key store for further certificates that you might generate. One key store can contain many certificates. |
| -storepass | Password that protects your key store file. You will have to enter it every time you want to sign a document. |
| -validity | Number of days the certificate is valid. You can enter more than 365. |
| -keyalg | Algorithm used to generate the cryptographic keys that correspond to your certificate. You can use RSA or DSA. |
| -keysize | Length of the cryptographic keys. The longer the key, the stronger the signature. |
| -storetype | Format of the key store file. PKCS#12 (also known as PFX) key stores can be read by many different programs, and you can also import a PKCS#12 file into your Windows key store (double-click it and follow the instructions). |
- The certificate generation process prompts you to enter some information about yourself. Enter the information as prompted.
- If prompted for a password when using the keystore, enter the same password as provided on the command line. The key store file (.pfx) is stored in your current directory.
Results
You now have a digital certificate store that you can use with tests. Because the KeyTool program has many options, you might want to create an alias or script file to use to invoke KeyTool. Use KeyTool to create and add as many digital certificates as you want. If you want to create a datapool of the names of certificates in the certificate store, run KeyTool again with the -list option. This option writes a list of names that can then be imported to a datapool.
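
The script file and the -list step described above can be combined as follows. This PowerShell script is an added example, not IBM's own code: the file names, aliases, -dname values and the RPT_STORE_PASS variable are hypothetical, and it assumes English-locale keytool output. It hands the password to keytool with the -storepass:env form rather than typing it on the command line.

```powershell
# Added example. Hypothetical names: test-certs.pfx, testuserNN, RPT_STORE_PASS, aliases.csv.
$keytool  = 'C:\Program Files\IBM\SDP\jdk\jre\bin\keytool.exe'  # default location from the procedure
$keystore = Join-Path (Get-Location) 'test-certs.pfx'
$aliases  = 'testuser01', 'testuser02', 'testuser03'            # synthetic identities, not real users

# Read the password without echo and pass it through an environment variable,
# so it is not visible in the keytool command line or in shell history.
$secure = Read-Host -Prompt 'Key store password' -AsSecureString
$env:RPT_STORE_PASS = [System.Net.NetworkCredential]::new('', $secure).Password

# Arguments are quoted strings so PowerShell passes "-storepass:env" to keytool unchanged.
$common = @('-keystore', $keystore, '-storetype', 'pkcs12', '-storepass:env', 'RPT_STORE_PASS')

try {
    foreach ($alias in $aliases) {
        # -dname supplies the identity fields that keytool would otherwise prompt for.
        # -keypass matches the store password, as PKCS#12 key stores require.
        & $keytool '-genkeypair' '-alias' $alias @common '-keypass:env' 'RPT_STORE_PASS' `
            '-dname' "CN=$alias, OU=Load Test, O=Example, C=US" `
            '-validity' '365' '-keyalg' 'RSA' '-keysize' '2048'
        if ($LASTEXITCODE -ne 0) { throw "keytool -genkeypair failed for alias '$alias'" }
    }

    # -list -v prints one "Alias name: <alias>" line per entry (English-locale output assumed).
    $listing = & $keytool '-list' '-v' @common
    if ($LASTEXITCODE -ne 0) { throw 'keytool -list failed' }

    $names = foreach ($line in $listing) {
        if ($line -match '^Alias name:\s*(.+)$') { $Matches[1].Trim() }
    }

    # Fail loudly if the store does not contain every certificate just created.
    $missing = @($aliases | Where-Object { $names -notcontains $_ })
    if ($missing.Count -gt 0) { throw "Aliases missing from key store: $($missing -join ', ')" }

    # One alias per line; assumed to be an acceptable layout for the datapool import.
    $names | Set-Content -Path 'aliases.csv' -Encoding ASCII
    "Wrote $(@($names).Count) aliases to aliases.csv"
}
finally {
    # Remove the password from the session environment whether or not keytool succeeded.
    Remove-Item Env:\RPT_STORE_PASS -ErrorAction SilentlyContinue
}
```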
What to do next
Before you start recording the application that requires client certification, import the certificate to the Rational Performance Tester project. For information about how to import the certificate and record a test, see the Recording a test topic.
You do not have to use the KeyTool command-line program to create a certificate store. It is possible to use existing PKCS#12 certificates with Rational Performance Tester. PKCS#12 certificates can be exported from a web browser. A PKCS#12 certificate file holds the private key together with the certificate and protects it by means of a password.
Note: Do not use certificates associated with real users.
Certificates associated with real users contain private keys that should not become known by or
available to anyone other than the owner of the certificate. An intruder who gained access to the
certificate store would have access to the private keys of all certificates in the store. For this
reason, you must create, or have created for you, certificates that are signed by the correct
certificate authority (CA) but that are not associated with real users.