I logged in directly to the localhost of each of my frontend servers (I have 2 frontends and 1 database box). p12 instead of following the rest of the instructions on the JAMF article. Openssl pkcs12 -export -in C: empyourdomain.crt -inkey C: empyourdomain.key -out C: empyourdomain.p12 -name tomcat -CAfile C: empintermediateCA.crt -caname root -chain Then I used the following article to convert the certs to a. My intermediate came directly from GoDaddy in my case. Save them with names such as yourdomain.key, yourdomain.crt, intermediateCA.crt, etc. Copy each certificate/private key to its own text file including the " ![]() Open the yourdomain.txt file that the command created in a text editor. ![]() Openssl pkcs12 -in yourdomain.pfx -out yourdomain.txt -nodes Run this OpenSSL command to create a text file with the contents of the. pfx file to the server or another computer that has OpenSSL installed. pfx file using OpenSSLĪfter you have exported the wildcard certificate from the Windows server you will need to extract all the individual certificates and private key from the. What I found to work with bringing our Windows wildcard cert in to the JSS was the following:Ĭonvert the wildcard. Keytool -importkeystore -srckeystore mykeystore.p12 -destkeystore clientcert.jks -srcstoretype pkcs12 -deststoretype JKS Keytool -v -list -keystore mykeystore.p12 -storetype pkcs12įinally if you need to you can convert this to a JKS key store by importing the key store created above into a new key store: You can verify the contents of the key store using the Java keytool utility with the following command: NOTE that the name provided in the second command is the alias of your key in the new key store. Openssl pkcs12 -export -in mypemfile.pem -out mykeystore.p12 -name "M圜ert" Openssl pkcs12 -in mypfxfile.pfx -out mypemfile.pem The following two commands convert the pfx file to a format that can be opened as a Java PKCS12 key store: Many operating systems already have it installed as I found with Mac OS X. This answer on JGuru is the best method that I've found so far.įirstly make sure that you have OpenSSL installed. destkeystore clientcert.jks -deststoretype JKS Keytool -importkeystore -srckeystore mypfxfile.pfx -srcstoretype pkcs12 It has been pointed out by Justin in the comments below that keytool alone is capable of doing this using the following command (although only in JDK 1.6 and later): Run on OS X for a JSS running Windows 2008R2 Server. I've posted the applicable contents here so that it can be found more easily for others. ![]() This link is to the original post that helped me. If you decide to name your destination alias anything different than tomcat, you will need to modify Tomcat's server.xml file and bounce Tomcat. NOTE: Casper is coded to look for the destalias "tomcat" in the server.xml file. deststoretype jks -deststorepass -destalias ![]() jks file name keystore password and new alias into this command: keytool -importkeystore -srckeystore -srcstoretype pkcs12 Next plug in the source file, alias name, new. Obtain the name of the alias for the tomcat key in the certificate file using the following command: keytool -v -list -storetype pkcs12 -keystore FILE_PFX
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |