How to Apply App Certificates
Runing Enviroment
The follow steps will run in PC, and use keytool in JDK, so please make sure you have installed the JDK in your PC.
Generate Private Keystore
keytool -genkeypair -keystore demo.jks -keyalg RSA -keysize 2048 -alias androiddebugkey -dname "EMAILADDRESS=shan.zhang@abc.com, CN=Zhang Shan, OU=RD, O=ABC company, L=Shanghai, ST=Shanghai, C=CN"
Notes:
- Domain name should be filled according the real information of your company. CN=commonName, OU=organizationUnit, O=organizationName, L=localityName, ST=state or province name, C=country.
- If you want to use this keystore in Eclipse as a custom debug keystore, the alias of the key should be “androiddebugkey” and the password should be “android”. If you won’t use this keystore in Eclipse, you can use any alias name or password.
Export CSR (Certificate Signature Request)
keytool -certreq -keystore demo.jks -alias androiddebugkey > demo.csr
Send CSR to wizarPOS
Send CSR to support@wizarpos.com
Import the Certificate Chain
Import the replied certificate chain of the CSR(demoissuedbywizarpos.crt or *.pem), when you receive them from wizarpos.:
keytool -importcert -keystore demo.jks -file demoissuedbywizarpos.crt -alias androiddebugkey
Notes:
- Choose Yes, when the importing tools ask you if you want to trust them.
FAQ
Keytool
keytool.exe is in the JRE path, XXX/Java/jreXXX/bin, if you have set the enviroment variable, JAVA_HOME, you can run keytool command line in every path, or else you must run the command line in the jre path.
Keysize Problem when Generate Keypair
Please download the unlimited strength policy from java website:
Java6: http://www.oracle.com/technetwork/java/javase/downloads/jce-6-download-429243.html
Java7: http://www.oracle.com/technetwork/java/javase/downloads/jce-7-download-432124.html
Copy the local_policy.jar and US_export_policy.jar to the folder $JAVA_HOME/jre/lib/security
csr error
After export csr, please open the csr in Notepad, if the csr content begin with "-----BEGIN NEW CERTIFICATE REQUEST-----", end with "-----END NEW CERTIFICATE REQUEST-----", there are contents in the middle, that means the csr file is right, the others are bad csr files, then you need to check the above steps you running, find the fault step.