You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: en/includes/guides/authentication/mfa/add-x509-login.md
+25-11
Original file line number
Diff line number
Diff line change
@@ -75,10 +75,12 @@ To do so,
75
75
## Step 2: Create a client certificate
76
76
77
77
In this step, we will generate a client certificate that will be used to authenticate to {{product_name}}. This involves:
78
-
- Creating a keystore that holds the client’s private key and certificate.
79
-
- Generating a Certificate Signing Request (CSR) to obtain a signed certificate from the CA.
80
-
- Importing the signed certificate and CA certificate into the keystore.
81
78
79
+
!!! abstract ""
80
+
81
+
- Creating a keystore that holds the client’s private key and certificate.
82
+
- Generating a Certificate Signing Request (CSR) to obtain a signed certificate from the CA.
83
+
- Importing the signed certificate and CA certificate into the keystore.
82
84
83
85
1. Generate a keystore that contains the private key and public certificate. The following command creates a new keystore (localcrt.jks) and generates a new RSA key pair with a validity of 10 years (3650 days).
84
86
@@ -91,14 +93,26 @@ In this step, we will generate a client certificate that will be used to authent
91
93
!!! tip
92
94
For `What is your first and last name?`, provide a name without spaces.
93
95
94
-
This command will create a keystore with the following details:
95
-
96
-
``` text
97
-
Keystore name: localcrt.jks
98
-
Alias of public certificate: localcrt
99
-
Keystore password: localpwd
100
-
Private key password: localpwd (this is required to be the same as keystore password)
101
-
```
96
+
This command will create a keystore with the following details:
97
+
98
+
<table>
99
+
<tr>
100
+
<td>Keystore name</td>
101
+
<td>localcrt.jks</td>
102
+
</tr>
103
+
<tr>
104
+
<td>Alias of public certificate</td>
105
+
<td>localcrt</td>
106
+
</tr>
107
+
<tr>
108
+
<td>Alias of public certificate</td>
109
+
<td>localpwd</td>
110
+
</tr>
111
+
<tr>
112
+
<td>Private key password</td>
113
+
<td>localpwd (this is required to be the same as keystore password)</td>
114
+
</tr>
115
+
</table>
102
116
103
117
2. Next, generate a Certificate Signing Request (CSR) using the keystore you just created. The CSR will be submitted to the CA, which will sign it, proving that the certificate is trusted.
0 commit comments