Generating Public and Private Keys for Responsys Connections

Responsys endpoints have some special requirements for generating certificates. Follow these steps to create a self-signed certificate (i.e. a public key) and a matching private key on a Linux computer.

Java (the keytool utility in particular) and OpenSSL must be installed.
  1. Generate a new key pair using these commands:
    1. keytool -genkey -keyalg RSA -validity days -keystore client.keystore -alias clientcert -keypass private key password -storepass store password

      For example, to create a certificate, valid for one year from the current date:

      keytool -genkey -keyalg RSA -validity 365 -keystore client.keystore -alias clientcert -keypass password -storepass password
      Note: To adjust the key expiration date, change -validity=days from today
      Note: In determining expiration dates, a tradeoff exists between frequent update of an expiration term that is too short and reduced security of a lengthy term (if a private key is leaked, an attacker may be able to impersonate the valid user undetected). An expiration term between 1 and 5 years is best.
  2. Export the public key in the binary ASN.1 based DER format using this command:
    1. keytool -exportcert -alias clientcert -keystore client.keystore -storepass password -file ClientCert.cer
      Note: See the X.690 standard for Distinguished Encoding Rules (DER) Encoding format for more infomration.
  3. Send the key to Responsys. The ClientCert.cer file contains a public key that you must send to Responsys, so that the identity of the client can be verified.
    1. Export the private key with this command: keytool -importkeystore -srcstoretype jks -srckeystore client.keystore -srcstorepass password -deststoretype PKCS12 -deststorepass password -destkeystore keys.pk12.der openssl pkcs12 -in keys.pk12.der -nodes -out client_private_rsa.pem The Webtrends Action Center requires the key to be in Base64 encoded PEM format. The .pem file contains the private key and the certificate in PEM format, resembling the following:
          Bag Attributes
          friendlyName: ...
          localKeyID: ...
      Key Attributes: ...
      -----BEGIN PRIVATE KEY-----
      MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCKtqJeujFEEBB2
      ...
      a4fipqs6SGjRmg2LUEso91j/5vQCmO6HHyQKvdF9OKCEJytrxM5M8ZWNDl8EgDam
      BfySVNK11Z7LpFzxizoiFks=
      -----END PRIVATE KEY-----
      Bag Attributes
          friendlyName: ...
          localKeyID: ...
      subject=...
      issuer=...
      -----BEGIN CERTIFICATE-----
      MIIDdzCCAl+gAwIBAgIEE3S8RTANBgkqhkiG9w0BAQsFADBsMRAwDgYDVQQGEwdV
      ...
      KtqTTOxiIvDghFF0s4pKVzqaXIY7nW7eMGK1gjG0VnJIIyRDwlFv1BTIz3UC1faX
      lJslD0sJ3k6bcOeZOqGPj6ynMnKyJkTesLda
      -----END CERTIFICATE-----
      
  4. Copy the Key to the Action Center User Interface
    1. Copy all lines from "-----BEGIN PRIVATE KEY-----" to "-----END PRIVATE KEY-----" (inclusive) into a new file, the file that Action Center needs to create a new Responsys connection:
      -----BEGIN PRIVATE KEY-----
      MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCKtqJeujFEEBB2
      ...
      a4fipqs6SGjRmg2LUEso91j/5vQCmO6HHyQKvdF9OKCEJytrxM5M8ZWNDl8EgDam
      BfySVNK11Z7LpFzxizoiFks=
      -----END PRIVATE KEY-----
      
  5. Drag and drop the file to the Private Key field in the Connect to Responsys dialog. Provide the connection Name, Login, Endpoint and Private Key in the Connect to Responsys dialog.