Create a keystore private key (also called keypair) entry of type RSA (Rivest Shamir Adleman), with a version 3 certificate
Workflow
Fill in all required fields
==> this enables the action button located at the bottom of the active window
Click the action button
==> a new window opens:
The window displays the contents of the selected keystore
At the bottom, enter a new alias and password, then click the OK button
Note: for PKCS12 keystores, no password is needed for new entries.
About "KeyUsage" Certificate Extension
Example of use:
. Top level CA:
  . critical,
  . keyCertSign,
  . cRLSign.
. SSL web server, SSL application server:
  . critical,
  . digitalSignature,
  . keyEncipherment.
. Object-signing SMI, Object-signing partner, People SMI-employee authentication, People partner:
  . critical,
  . digitalSignature.
. People SMI-employee encryption:
  . critical,
  . keyEncipherment,
  . dataEncipherment.
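How the KeyUsage values listed above end up inside the certificate, as an added example (not part of the original help page or of the tool's own code): it DER-encodes the extension as RFC 5280 defines it, decodes it again, and compares a decoded extension with one of the profiles from the list. The function names and the shortened profile keys are assumptions made for this example.

```python
# Added example, standard library only; all names here are illustrative.
KU_OID = bytes.fromhex("0603551d0f")  # DER OID 2.5.29.15 (id-ce-keyUsage)
KU_BITS = ["digitalSignature", "nonRepudiation", "keyEncipherment",
           "dataEncipherment", "keyAgreement", "keyCertSign", "cRLSign",
           "encipherOnly", "decipherOnly"]  # RFC 5280 order, bit 0 first

# KeyUsage sets copied from the list above; every profile there is critical.
PROFILES = {
    "Top level CA": {"keyCertSign", "cRLSign"},
    "SSL web server": {"digitalSignature", "keyEncipherment"},
    "Object-signing SMI": {"digitalSignature"},
    "People SMI-employee encryption": {"keyEncipherment", "dataEncipherment"},
}

def encode_key_usage(usages, critical=True):
    """DER-encode the Extension SEQUENCE that carries KeyUsage."""
    bits = 0
    for name in usages:
        bits |= 1 << (15 - KU_BITS.index(name))  # bit 0 = MSB of first byte
    raw = bits.to_bytes(2, "big").rstrip(b"\x00")  # DER drops trailing zeros
    unused = (raw[-1] & -raw[-1]).bit_length() - 1 if raw else 0
    bit_string = bytes([0x03, len(raw) + 1, unused]) + raw
    body = KU_OID + (b"\x01\x01\xff" if critical else b"")
    body += bytes([0x04, len(bit_string)]) + bit_string
    return bytes([0x30, len(body)]) + body

def decode_key_usage(ext):
    """Parse that Extension back into (critical, set of usage names)."""
    if ext[:2] != bytes([0x30, len(ext) - 2]) or ext[2:7] != KU_OID:
        raise ValueError("not a keyUsage extension")
    rest = ext[7:]
    critical = rest[:3] == b"\x01\x01\xff"
    rest = rest[3:] if critical else rest
    if len(rest) < 5 or rest[0] != 0x04 or rest[2] != 0x03:
        raise ValueError("malformed extnValue")
    raw = rest[5:4 + rest[3]].ljust(2, b"\x00")
    bits = int.from_bytes(raw, "big")
    return critical, {n for i, n in enumerate(KU_BITS) if bits >> (15 - i) & 1}

def check_profile(ext, profile):
    """List how a keyUsage extension deviates from a profile listed above."""
    critical, usages = decode_key_usage(ext)
    want = PROFILES[profile]
    findings = [] if critical else ["keyUsage not marked critical"]
    findings += [f"missing {u}" for u in sorted(want - usages)]
    findings += [f"unexpected {u}" for u in sorted(usages - want)]
    return findings
```

An empty result from `check_profile` means the extension matches the profile exactly, including the critical flag.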
About "ExtKeyUsage" Certificate Extension
Example of use:
. Timestamp Tokens:
  . critical,
  . timeStamping
. SSL web server:
  . not critical,
  . serverAuth.
. SSL application server:
  . not critical,
  . serverAuth,
  . clientAuth.
. Object-signing SMI, Object-signing Partner:
  . not critical,
  . codeSigning.
. People SMI employee authentication:
  . not critical,
  . clientAuth,
  . emailProtection.
. People SMI employee encryption:
  . not critical,
  . emailProtection.
. People partner:
  . not critical,
  . clientAuth.
Limitations
Supported signature algorithms:
. MD2withRSA
. MD5withRSA
. SHA1withRSA
. SHA256withRSA
. SHA384withRSA
. SHA512withRSA
. RIPEMD128withRSA
. RIPEMD160withRSA
. RIPEMD256withRSA