SAS Life Science Analytics Framework and the clinical data products from SAS

Generating certificates and keystores for Esignatures in SDD


Users often need additional assistance with generating the user certificates and keystores that are needed to use Esignature functionality in SDD.

The most common way to generate a self-signed certificate is to use Java keytool.

Open the command console on whatever operating system you are using and navigate to the directory where keytool.exe is located (usually where the JRE is located, e.g. c:\Program Files\Java\jre6\bin on Windows machines).


Run the following command from the command prompt (note: update the parameter values as desired):

keytool -genkey -v -keyalg RSA -keystore myfile.keystore -storepass my_storepass -keypass my_keypass -alias my_certificate -dname "CN=myname, O=SAS, L=Cary, S=NC, C=US"


Parameter Information:

  • RSA is the algorithm used to generate the cryptographic keys, corresponding to your certificate
  • myfile.keystore is the key store file, which will be generated as the result of the process. It will contain your certificate and a corresponding private key. You will be able to reuse this key store for any
    further certificates you may generate. One key store can contain many certificates.
  • my_storepass / my_keypass are the passwords that protect your key store file. You will have to enter them every time you want to sign a document.
  • my_certificate is the alias for your certificate in the key store. Normally you will never use it, but every new certificate in your key store must have its own alias.
  • dname stands for Distinguished Names. They are used to identify entities, such as those which are named by the subject and issuer (signer) fields of X.509 certificates. keytool supports the following subparts:







A sample distinguished name string is

CN=Mark Smith, OU=JavaSoft, O=Sun, L=Cupertino, S=California, C=US

Export the Certificate and store it in a certificate (.cert) file

keytool -export -rfc -v -keystore myfile.keystore -storepass my_storepass -keypass my_keypass -alias my_certificate -file my_cert.cert

The -export command by default outputs a certificate in binary encoding, but will instead output a certificate in the printable encoding format, if the -rfc option is specified.

To display the content of the certificate file, use the command below:

keytool -printcert -file my_cert.cert


For more information go to site:

This is what we usually recommend. Do you use this same approach or a different one?
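The post above notes that -export writes a binary certificate by default and a printable one with -rfc. As an added example (not part of the original post and not SAS or keytool code), this Python sketch accepts either form of my_cert.cert, rejects a truncated or padded file, and computes the colon-separated fingerprint so that whoever receives the file can compare it with the value the owner reads from keytool -printcert. The function names and the sample bytes are assumptions made for the example.

```python
import base64
import binascii
import hashlib
import re

PEM_RE = re.compile(
    rb"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

# Constructed stand-in for a certificate: a DER SEQUENCE header (0x30, long-form
# length 300) plus filler bytes. It is NOT a real X.509 certificate.
SAMPLE_DER = b"\x30\x82\x01\x2c" + bytes(i % 256 for i in range(300))

def der_declared_length(der: bytes) -> int:
    """Total size (header + body) announced by the outer DER length field."""
    if len(der) < 2 or der[0] != 0x30:
        raise ValueError("not a DER SEQUENCE, so not a certificate")
    first = der[1]
    if first < 0x80:                      # short form: length in one byte
        return 2 + first
    n = first & 0x7F                      # long form: next n bytes hold length
    if n == 0 or n > 4 or len(der) < 2 + n:
        raise ValueError("malformed DER length field")
    return 2 + n + int.from_bytes(der[2:2 + n], "big")

def load_cert_der(data: bytes) -> bytes:
    """Accept binary (default) or printable (-rfc) export; return DER bytes."""
    match = PEM_RE.search(data)
    if match:
        try:
            der = base64.b64decode(b"".join(match.group(1).split()), validate=True)
        except binascii.Error as exc:
            raise ValueError("corrupt base64 in printable certificate") from exc
    else:
        der = data
    if der_declared_length(der) != len(der):
        raise ValueError("certificate is truncated or has trailing data")
    return der

def to_printable(der: bytes) -> bytes:
    """Wrap DER bytes in the printable encoding: base64, 64 characters per line."""
    b64 = base64.b64encode(der)
    body = b"\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    return b"-----BEGIN CERTIFICATE-----\n" + body + b"\n-----END CERTIFICATE-----\n"

def fingerprint(data: bytes, algo: str = "sha256") -> str:
    """Colon-separated upper-case hex digest of the DER bytes."""
    digest = hashlib.new(algo, load_cert_der(data)).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))
```

Read my_cert.cert in binary mode and pass the bytes to fingerprint(); use algo="sha1" if your keytool prints a SHA1 fingerprint rather than SHA256.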
