generating sealer keystore by hand

Cantor, Scott cantor.2 at
Thu May 7 14:54:08 EDT 2015

On 5/7/15, 2:42 PM, "Scott Koranda" <skoranda at> wrote:

>> Is there a reason not to just call the seckeygen script/utility to do that same thing? That's not Ant, it's just a Java class. The idea was that using that API would be more insulating and let us make adjustments that wouldn't break anybody.
>Only a desire to do the initial creation of key material, including
>all the X.509 certificates and keys, on a different box where the IdP
>is not deployed and then (securely) transfer the key material to the
>deployed IdP(s).

The code involved is all in java-support-xxx.jar, so if you did a little surgery on the shell command provided, you could pretty easily run the wrapper command to do it on a separate host.

-- Scott
