Wednesday, July 7, 2021
Create a JKS file (Java keystore) for Tomcat and JBoss
Hello everyone, welcome to another important blog post where I will walk you through, step by step, generating a JKS (Java keystore) file. Follow the steps below.
We need the following files to create a JKS (Java keystore) file when the certificate is issued by a third-party CA.
1. Root certificate
2. Intermediate certificate
3. Domain certificate
4. Private key
Merge the intermediate and root certificates to create the chain file.
cat intermediate.cer root.cer > chain.crt
This creates chain.crt.
On Windows, just copy the root certificate content and paste it under the intermediate one, make sure there is no space after -----END CERTIFICATE-----, and save it as chain.crt.
See the example below.
DKqC5JlR3XC321Y9YeRq4VzW9v493kHMB65jUr9TU/Qr6cf9tveCX4XSQRjbgbME
HMUfpIBvFSDJ3gyICh3WZlXi/EjJKSZp4A==
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIEYDCCA0igAwIBAgILBAAAAAABL07hRQwwDQYJKoZIhvcNAQEFBQAwVzELMAkG
A1UEBhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExEDAOBgNVBAsTB1Jv
Now run the command below to generate the PFX with OpenSSL. On Windows, run it from openssl/bin and make sure openssl.cnf is available in bin; if you are using apache/bin, copy openssl.cnf from the conf directory and paste it into the bin directory.
For Windows
openssl pkcs12 -export -out certificate.pfx -inkey privatekey.key -in domain.crt -certfile chain.crt -config openssl.cnf
Use a password of at least 6 characters.
For Linux
openssl pkcs12 -export -out certificate.pfx -inkey privatekey.key -in domain.crt -certfile chain.crt
Use a password of at least 6 characters.
This exports the PFX file.
Now run the command below to convert the PFX to JKS. On Windows, run it from the bin directory of your Java JDK or JRE; on Linux, run it anywhere. (Java must be installed to run this command.)
keytool -importkeystore -srckeystore certificate.pfx -srcstoretype pkcs12 -destkeystore certificate.jks -deststoretype JKS
Give the same password as the PFX, otherwise the keystore won't work.
Now import the root and intermediate certificates as well.
Run the command:
keytool -import -trustcacerts -alias intermediate -file intermediateCertFileName.crt -keystore certificate.jks
This imports the intermediate certificate.
Now for the root certificate:
keytool -import -trustcacerts -alias root -file RootCertFileName.crt -keystore certificate.jks
After completing the steps above, verify the JKS by running the command below.
keytool -v -list -keystore certificate.jks
Note the alias name of the private key from the output, and make sure the private key entry's chain length is 3 to avoid intermediate certificate errors in browsers.
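The checks below are an added example, not part of the original post: they confirm that the private key matches the domain certificate, that the domain certificate chains through the intermediate to the root, and that the exported PFX carries 3 certificates before it is handed to keytool. The function names, the demo.cnf file, the demo subjects and the password changeit are assumptions made for the example; the certificates are generated on the spot as a throwaway chain so the script runs offline.

```sh
# Constructed demo: file names follow the post; the CA, subjects and password are throwaway.

# True only if the private key ($1) belongs to the certificate ($2).
key_matches_cert() {
  _k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
  _c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
  [ -n "$_k" ] && [ "$_k" = "$_c" ]
}

# True only if the domain cert ($3) chains through the intermediate ($2) to the root ($1).
chain_verifies() {
  openssl verify -CAfile "$1" -untrusted "$2" "$3" >/dev/null 2>&1
}

# Prints how many certificates the PFX ($1, password $2) carries; 3 is expected here.
pfx_cert_count() {
  openssl pkcs12 -in "$1" -nokeys -passin "pass:$2" 2>/dev/null | grep -c 'BEGIN CERTIFICATE'
}

# Creates a throwaway root, intermediate and domain certificate in directory $1.
make_demo_chain() (
  cd "$1" || exit 1
  printf '[req]\ndistinguished_name=dn\n[dn]\n[ca]\nbasicConstraints=critical,CA:TRUE\n' > demo.cnf
  openssl req -x509 -config demo.cnf -extensions ca -newkey rsa:2048 -nodes -days 2 \
    -keyout root.key -out root.cer -subj '/CN=Demo Root' &&
  openssl req -new -config demo.cnf -newkey rsa:2048 -nodes \
    -keyout int.key -out int.csr -subj '/CN=Demo Intermediate' &&
  openssl x509 -req -in int.csr -CA root.cer -CAkey root.key -CAcreateserial -days 2 \
    -extfile demo.cnf -extensions ca -out intermediate.cer &&
  openssl req -new -config demo.cnf -newkey rsa:2048 -nodes \
    -keyout privatekey.key -out domain.csr -subj '/CN=demo.example' &&
  openssl x509 -req -in domain.csr -CA intermediate.cer -CAkey int.key -CAcreateserial \
    -days 2 -out domain.crt
) >/dev/null 2>&1

# The post's chain-file and PFX steps, run in directory $1 with export password $2.
build_pfx() (
  cd "$1" || exit 1
  cat intermediate.cer root.cer > chain.crt &&
  openssl pkcs12 -export -out certificate.pfx -inkey privatekey.key -in domain.crt \
    -certfile chain.crt -passout "pass:$2"
) >/dev/null 2>&1

d=$(mktemp -d) && make_demo_chain "$d" &&
  key_matches_cert "$d/privatekey.key" "$d/domain.crt" &&
  chain_verifies "$d/root.cer" "$d/intermediate.cer" "$d/domain.crt" &&
  build_pfx "$d" changeit &&
  echo "certificates in PFX: $(pfx_cert_count "$d/certificate.pfx" changeit)"
rm -rf "$d"
```

With real files, call key_matches_cert and chain_verifies on your own privatekey.key, domain.crt, intermediate and root before the export, and pfx_cert_count on certificate.pfx afterwards.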
Stay tuned for more such blogs. See you in the next one. :)