Create a private key (also called keypair) entry of type DSA (Digital Signature Algorithm) in the keystore, with a version 3 certificate

Workflow

	
	Fill in all required fields
	  ==> enables the action button located at the bottom of the active window
	
	Click the action button
	  ==> a new window shows up:
	    the window displays the contents of the selected keystore
	
	At the bottom, enter a new alias and password, then click the OK button
	
	Note: for PKCS12 keystores, no password is needed for new entries.
	
	

About "KeyUsage" Certificate Extension

	
	Example of use:
	
	. Top level CA:
	  . critical,
	  . keyCertSign,
	  . cRLSign.
	  
	. SSL web server, SSL application server:
	  . critical,
	  . digitalSignature,
	  . keyEncipherment.
	  
	. Object-signing SMI, Object-signing partner, People SMI-employee authentication, People partner:
	  . critical,
	  . digitalSignature.
	  
	. People SMI-employee encryption:
	  . critical,
	  . keyEncipherment,
	  . dataEncipherment.


    

About "ExtKeyUsage" Certificate Extension

	
	Example of use:
	
	. Timestamp Tokens:
	  . critical,
	  . timeStamping.
	
	. SSL web server:
	  . not critical,
	  . serverAuth.
	  
	. SSL application server:
	  . not critical,
	  . serverAuth,
	  . clientAuth.
	  
	. Object-signing SMI, Object-signing partner:
	  . not critical,
	  . codeSigning.
	  
	. People SMI-employee authentication:
	  . not critical,
	  . clientAuth,
	  . emailProtection.
	
	. People SMI-employee encryption:
	  . not critical,
	  . emailProtection.
	
	. People partner:
	  . not critical,
	  . clientAuth.
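
An added example, not part of this tool or its documentation: a Java check (Java 9 or later) that compares a certificate's KeyUsage and ExtKeyUsage values and criticality flags against one of the profiles listed above, here "SSL web server". The class name UsageProfileCheck and the sample values in main are constructed for illustration.

```java
import java.security.cert.X509Certificate;
import java.util.*;

public class UsageProfileCheck {
    // Index order of X509Certificate.getKeyUsage() (KeyUsage named bits 0..8).
    static final String[] KU = {"digitalSignature", "nonRepudiation", "keyEncipherment",
        "dataEncipherment", "keyAgreement", "keyCertSign", "cRLSign", "encipherOnly", "decipherOnly"};
    static final String KU_OID = "2.5.29.15", EKU_OID = "2.5.29.37";
    // OIDs as returned by getExtendedKeyUsage(), for the purposes listed on this page.
    static final Map<String, String> EKU = Map.of(
        "1.3.6.1.5.5.7.3.1", "serverAuth", "1.3.6.1.5.5.7.3.2", "clientAuth",
        "1.3.6.1.5.5.7.3.3", "codeSigning", "1.3.6.1.5.5.7.3.4", "emailProtection",
        "1.3.6.1.5.5.7.3.8", "timeStamping");

    /** Returns the deviations from a profile; an empty list means the values match it. */
    static List<String> check(boolean[] kuBits, List<String> ekuOids, Set<String> critical,
                              Set<String> wantKu, Set<String> wantEku, boolean ekuCritical) {
        List<String> issues = new ArrayList<>();
        Set<String> ku = new TreeSet<>(), eku = new TreeSet<>();
        for (int i = 0; kuBits != null && i < kuBits.length && i < KU.length; i++)
            if (kuBits[i]) ku.add(KU[i]);
        for (String oid : ekuOids == null ? List.<String>of() : ekuOids)
            eku.add(EKU.getOrDefault(oid, oid));   // unknown purposes are reported by OID
        if (!ku.equals(wantKu)) issues.add("KeyUsage is " + ku + ", profile wants " + wantKu);
        if (!critical.contains(KU_OID)) issues.add("KeyUsage is not marked critical");
        if (!eku.equals(wantEku)) issues.add("ExtKeyUsage is " + eku + ", profile wants " + wantEku);
        if (critical.contains(EKU_OID) != ekuCritical)
            issues.add("ExtKeyUsage criticality differs from profile");
        return issues;
    }

    /** Same check for a certificate read from a keystore entry. */
    static List<String> check(X509Certificate c, Set<String> wantKu, Set<String> wantEku,
                              boolean ekuCritical) throws Exception {
        Set<String> crit = c.getCriticalExtensionOIDs();   // null when no extensions are present
        return check(c.getKeyUsage(), c.getExtendedKeyUsage(),
                     crit == null ? Set.<String>of() : crit, wantKu, wantEku, ekuCritical);
    }

    public static void main(String[] args) {
        // "SSL web server" profile from the lists above: KeyUsage critical, ExtKeyUsage not critical.
        Set<String> wantKu = Set.of("digitalSignature", "keyEncipherment"), wantEku = Set.of("serverAuth");
        // Constructed sample values, shaped like the getters' return values.
        boolean[] good = {true, false, true, false, false, false, false, false, false};
        boolean[] bad  = {true, false, false, false, false, true, false, false, false};
        System.out.println(check(good, List.of("1.3.6.1.5.5.7.3.1"), Set.of(KU_OID), wantKu, wantEku, false));
        System.out.println(check(bad, List.of("1.3.6.1.5.5.7.3.1", "1.3.6.1.5.5.7.3.2"),
                                 Set.of(KU_OID, EKU_OID), wantKu, wantEku, false));
    }
}
```

The second sample carries keyCertSign on a server certificate, an extra clientAuth purpose and a critical ExtKeyUsage, so all three deviations are reported.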

    

Limitations

	
	Supported signature algorithms: 
	. SHA1withDSA
	
	Known issues:
	. Keystores of type PKCS12, BKS, and UBER:
	    the saved signature algorithm is "DSA" instead of "SHA1withDSA".