Generating a Keystore

  1. Open a command prompt and navigate to the %JDK_HOME%/bin directory.

    Note

    JDK8 is used in this exercise.

  2. Enter the following command, and then press Enter:

    Code Block
    keytool -keysize 2048 -keystore fiorano.jks -genkey -alias fiorano -keyalg RSA

     

  3. Enter a password for the keystore. The password used in this example is 'fioranopass'.
  4. Answer all the questions pertaining to the Organization details. When prompted for the First Name and Last Name, enter the fully qualified domain name (FQDN), Host Name or URL to which the certificate needs to be applied.

...

    Tip

    When requesting a Wildcard certificate, please add an asterisk * on the left side of the Common Name. Example: *.mydomain.com or www.mydomain.com. This secures all subdomains of the Common Name.

    A screenshot is shown below. All the details provided in this step


    Note

    Organization details entered must be valid. CA authorities might reject the Certificate Signing Request (CSR) if any of these values are invalid.

...

Generating a Certificate Signing Request (CSR)

  1. To generate a CSR, enter the following command, and then press Enter.

    Code Block
    keytool -keystore fiorano.jks -certreq -alias fiorano -keyalg rsa -file fiorano.csr -sigalg SHA256withRSA
  2. Enter the keystore password provided in the section "Generating a Keystore" (fioranopass is used in our example).
  3. A file named "fiorano.csr" is created, which contains the certificate signing request (CSR). This CSR has to be passed on to the external/third party Certificate Authority (CA).

The CA will authenticate the certificate requestor (usually off-line) and will return a certificate or certificate chain, used to replace the existing certificate chain (which initially consists of a self-signed certificate) in the keystore.

Generating SSL certificate using CSR

A third-party CA website is needed to request an SSL certificate using the CSR we generated. Third party CA websites such as http://www.thawte.com/ and https://www.godaddy.com can be used to generate SSL certificates. In this example, a 21-day trial certificate is generated from Thawte.com and used. However, a trial certificate is not recommended for any usage.

To copy the CSR, open the fiorano.csr file generated in section 2, highlight it from ----BEGIN CERTIFICATE REQUEST to END CERTIFICATE REQUEST----, press Enter, and then paste it in the CA website's online application to generate SSL certificates.

Using certificates from a CA authority

CA authorities will send you a signed certificate, intermediate certificate and root certificate. Import all such certificates into the fiorano.jks keystore file.

Note

The intermediate and root certificate should have different alias names, but the signed certificate should be imported with the same alias that was used while creating a certificate pair in "Generating a Keystore" section. Download your certificate files from your certificate authority and save them to the same directory as the keystore that you created during the CSR creation process.

The certificate will only work with the same keystore that you initially created the CSR with. The certificates must be installed to your keystore in the correct order. 

Assuming sslcert.pem, intermediate.pem and root.pem are the certificates received from CA authorities, the following commands are used to import all the certificates into the keystore:

Code Block
Command 1
keytool -importcert -alias intermediate -file intermediate.pem -keystore fiorano.jks -storepass fioranopass

Code Block
Command 2
keytool -importcert -alias root -file root.pem -keystore fiorano.jks -storepass fioranopass

Code Block
Command 3
keytool -importcert -alias fiorano -file sslcert.pem -keystore fiorano.jks -storepass fioranopass

All the certificates are added to our keystore and it is ready to use.

When root and intermediate certificates are added to the keystore, a message gets displayed: "Certificate was added to keystore". When the primary certificate is added to the keystore, the message displayed is: "Certificate reply was installed in keystore".

In case of no errors in this process, you can move to the next section "Using the keystore in Fiorano".

Listing keystore entries

To list the keystore and check if all the certificates are imported successfully, use the following command:

Code Block
keytool -list -keystore fiorano.jks -storepass fioranopass

If the -v option is specified in the above command, the certificate chain length for the fiorano alias is displayed:

Code Block
keytool -list -v -keystore fiorano.jks -storepass fioranopass
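
A post-import check for the listing step above, as an added example that is not part of the original page: it reads `keytool -list -v` output and confirms that the fiorano alias is a PrivateKeyEntry with a chain of three certificates in which each Issuer matches the next Owner. The sample outputs are constructed and trimmed, English keytool output is assumed, and the names check_chain, sample_installed and sample_selfsigned are hypothetical.

```shell
# check_chain ALIAS MIN_LEN reads `keytool -list -v` output on stdin and passes only if
# ALIAS is a PrivateKeyEntry, has >= MIN_LEN certificates, and each Issuer is the next Owner.
check_chain() {
  awk -v want="$1" -v min="$2" '
    /^Alias name: /               { cur = substr($0, 13); next }
    cur != want                   { next }
    /^Entry type: /               { type = substr($0, 13) }
    /^Certificate chain length: / { len = $4 + 0 }
    /^Certificate\[[0-9]+\]:/     { n++ }
    /^Owner: /                    { owner[n] = substr($0, 8) }
    /^Issuer: /                   { issuer[n] = substr($0, 9) }
    END {
      if (type != "PrivateKeyEntry") { print "FAIL: no PrivateKeyEntry for " want; exit 1 }
      if (len < min) { print "FAIL: chain length " len ", expected " min; exit 1 }
      for (i = 1; i < n; i++) if (issuer[i] != owner[i + 1]) { print "FAIL: chain broken after certificate " i; exit 1 }
      print "OK: " want " chain length " len
    }'
}

# Constructed samples: all three imports done, then CA reply never imported (self-signed only).
sample_installed() { cat <<'EOF'
Alias name: root
Entry type: trustedCertEntry
Alias name: fiorano
Entry type: PrivateKeyEntry
Certificate chain length: 3
Certificate[1]:
Owner: CN=www.mydomain.com
Issuer: CN=Example Intermediate CA
Certificate[2]:
Owner: CN=Example Intermediate CA
Issuer: CN=Example Root CA
Certificate[3]:
Owner: CN=Example Root CA
Issuer: CN=Example Root CA
EOF
}
sample_selfsigned() { cat <<'EOF'
Alias name: fiorano
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=www.mydomain.com
Issuer: CN=www.mydomain.com
EOF
}

sample_installed | check_chain fiorano 3
sample_selfsigned | check_chain fiorano 3 || true
```

On a real keystore, pipe `keytool -list -v -keystore fiorano.jks` into `check_chain fiorano 3`. Leaving out -storepass makes keytool prompt for the password, which keeps it out of shell history and the process list.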
