Wednesday, March 15, 2017

install SSL cert for java



keytool -keystore cacerts -import cert -alias DigiCertApiCA -file C:\Admin\certs\DigiCertCA.crt

keytool -storepasswd -keystore "C:\Program Files\Java\jre1.6.0_03\lib\security\cacerts"

https://support.quovadisglobal.com/kb/a401/how-do-i-generate-a-csr-for-jboss-using-keytool.aspx


------------------------------------- create cert for wildfly----------------------------------------------------
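// How to create the private key and the certificate request (CSR) file.
// First, download the OpenSSL tool and save it somewhere on the machine.
// Steps to create the key and the CSR. genrsa as written here stores the private key unencrypted, so keep C:\Admin\certopenssl readable only by the administrators who need it.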
set OPENSSL_CONF=C:\Admin\OpenSSL\bin\openssl.cnf
openssl genrsa -out C:\Admin\certopenssl\dshsapoly3uat01.key 2048
openssl req -new -sha256 -key C:\Admin\certopenssl\dshsapoly3uat01.key -out C:\Admin\certopenssl\dshsapoly3uat01.csr
// This command only displays the CSR so you can check it before sending it; it is not a required step.
openssl req -noout -text -in C:\Admin\certopenssl\dshsapoly3uat01.csr


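// Send your CSR to WaTech or any other CA and get the .cer files back from your CA before running the following commands.
// The commands below read the .key and .cer from the WildFly configuration directory, so copy both files there first.
// Create the pfx file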
openssl pkcs12 -export -out C:\Programs\wildfly-10.1.0.Final\domain-host1\configuration\dshsapoly3uat01.pfx -inkey C:\Programs\wildfly-10.1.0.Final\domain-host1\configuration\dshsapoly3uat01.key -in C:\Programs\wildfly-10.1.0.Final\domain-host1\configuration\dshsapoly3uat01.cer

// create keystore
"C:\Programs\jdk1.8.0_121\bin\keytool" -importkeystore -srckeystore dshsapoly3uat01.pfx -srcstoretype pkcs12 -destkeystore dshsapoly3uat01.jks -deststoretype JKS

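// change alias if necessary (leave out -keypass and -storepass and keytool prompts for the passwords it needs, which keeps them out of the command history)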
"C:\Programs\jdk1.8.0_121\bin\keytool" -changealias -alias "te-93ac6810-4331-41b9-b99a-efd06df5ec5b" -destalias "uat01" -keypass uat01pass -keystore dshsapoly3uat01.jks -storepass changed
// change private key password (keypass)
"C:\Programs\jdk1.8.0_121\bin\keytool" -keypasswd -alias uat01  -keystore dshsapoly3uat01.jks

// view your keystore file and check the alias name in the file (the example lists dshsapoly3flp01.jks; use the name of the keystore you created above)
"C:\Programs\jdk1.8.0_121\bin\keytool" -v -list -keystore dshsapoly3flp01.jks

------------------------------------some extra docs----------------------------------------------
"C:\Programs\jdk1.8.0_121\bin\keytool" -genkey -alias server -keyalg RSA -keysize 2048 -keystore dshsapoly3uat01.jks -dname "CN=dshsapoly3uat01.dshs.wa.lcl, OU=CATS, O=DSHS, L=Olympia, ST=WA, C=US"
"C:\Programs\jdk1.8.0_121\bin\keytool" -certreq -alias server -file dshsapoly3uat01.csr -keystore dshsapoly3uat01.jks
"C:\Programs\jdk1.8.0_121\bin\keytool" -import -trustcacerts -alias dshsapoly3uat01 -file dshsapoly3uat01.cer -keystore application.keystore


"C:\Programs\jdk1.8.0_121\bin\keytool" -genkey -alias server -keyalg RSA -keysize 2048 -keystore dshsapoly3uat02.jks -dname "CN=dshsapoly3uat02.dshs.wa.lcl, OU=CATS, O=DSHS, L=Olympia, ST=WA, C=US"
"C:\Programs\jdk1.8.0_121\bin\keytool" -certreq -alias server -file dshsapoly3uat02.csr -keystore dshsapoly3uat02.jks

"C:\Programs\jdk1.8.0_121\bin\keytool" -v -list -keystore dshsapoly3uat01.jks

keytool -delete -alias server -keystore application.keystore -storepass password

"C:\Programs\jdk1.8.0_121\bin\keytool" -import -trustcacerts -alias server -file dshsapoly3uat01.cer -keystore dshsapoly3uat01.jks




// how to create key and request file
set OPENSSL_CONF=C:\Admin\OpenSSL\bin\openssl.cnf
openssl genrsa -out C:\Admin\certopenssl\dshsapoly3uat01.key 2048
openssl req -new -sha256 -key C:\Admin\certopenssl\dshsapoly3uat01.key -out C:\Admin\certopenssl\dshsapoly3uat01.csr
openssl req -noout -text -in C:\Admin\certopenssl\dshsapoly3uat01.csr
openssl pkcs12 -export -out C:\Programs\wildfly-10.1.0.Final\domain-host1\configuration\dshsapoly3uat01.pfx -inkey C:\Programs\wildfly-10.1.0.Final\domain-host1\configuration\dshsapoly3uat01.key -in C:\Programs\wildfly-10.1.0.Final\domain-host1\configuration\dshsapoly3uat01.cer

"C:\Programs\jdk1.8.0_121\bin\keytool" -importkeystore -srckeystore dshsapoly3uat01.pfx -srcstoretype pkcs12 -destkeystore dshsapoly3uat01.jks -deststoretype JKS
"C:\Programs\jdk1.8.0_121\bin\keytool" -v -list -keystore dshsapoly3flp01.jks

openssl pkcs12 -export -in C:\Programs\wildfly-10.1.0.Final\domain-host1\configuration\dshsapoly3uat01.cer -out C:\Programs\wildfly-10.1.0.Final\domain-host1\configuration\dshsapoly3uat01.p12

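-------------------------------install cert to jvm keystore (cacerts)-------------------------------------------
// changeit is the default cacerts password. Every application running on this JDK will trust a CA added here,
// so compare the fingerprint keytool prints with the one published by the CA before answering yes to the trust prompt.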

"C:\Programs\jdk1.8.0_121\bin\keytool" -importcert -file C:\Admin\certs\ldaps\WACA01.cer -alias WACA01 -keystore "C:\Programs\jdk1.8.0_121\lib\security\cacerts" -storepass changeit
"C:\Programs\jdk1.8.0_121\bin\keytool" -importcert -file C:\Admin\certs\ldaps\WACA02.cer -alias WACA02 -keystore "C:\Programs\jdk1.8.0_121\lib\security\cacerts" -storepass changeit

"C:\Programs\jdk1.8.0_121\bin\keytool"  -v -list -keystore "C:\Programs\jdk1.8.0_121\lib\security\cacerts" > C:\Admin\certs\ldaps\WACA.txt



"C:\Programs\jdk1.8.0_121\bin\keytool" -importcert -file "C:\Programs\certs\DigiCert Global Root CA.cer" -alias "digicertglobalrootca [jdk]" -keystore "C:\Programs\jdk1.8.0_121\lib\security\cacerts" -storepass changeit
"C:\Programs\jdk1.8.0_121\bin\keytool" -importcert -file "C:\Programs\certs\api_ca_dshs_wa_gov.crt" -alias "api_ca_dshs_wa_gov" -keystore "C:\Programs\jdk1.8.0_121\lib\security\cacerts" -storepass changeit
"C:\Programs\jdk1.8.0_121\bin\keytool" -importcert -file "C:\Programs\certs\DigiCertCA.crt" -alias "DigiCertCA" -keystore "C:\Programs\jdk1.8.0_121\lib\security\cacerts" -storepass changeit

"C:\Programs\jdk1.8.0_121\bin\keytool" -delete -noprompt -trustcacerts -alias "digicertglobalrootca [jdk]" -keystore "C:\Programs\jdk1.8.0_121\lib\security\cacerts"

----------------------------------------------------------------------------------------------------
openssl req -new -nodes -newkey rsa:2048 -config C:\Admin\OpenSSL\bin\openssl.cnf -reqexts req_ext -keyout C:\Admin\certopenssl\famlink.key -out C:\Admin\certopenssl\famlink.csr






Thursday, March 2, 2017

resign ipa

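# Re-sign an iOS .ipa with a different provisioning profile and signing
# identity. The result is written to resigned.ipa in the current directory.
IPA="/path/to/file.ipa"
PROVISION="/path/to/file.mobileprovision"
CERTIFICATE="Name of certificate: To sign with" # must be in keychain

# Run in a subshell so strict mode and the cleanup trap do not leak into an
# interactive session when these lines are pasted rather than run as a script.
(
  set -euo pipefail
  shopt -s nullglob

  out="$PWD/resigned.ipa"

  # Work in a fresh private directory: a Payload/ left over from an earlier
  # run would otherwise be merged into, signed and shipped in the new archive.
  workdir=$(mktemp -d "${TMPDIR:-/tmp}/resign.XXXXXX")
  trap 'rm -rf -- "$workdir"' EXIT

  # unzip the ipa
  unzip -q "$IPA" -d "$workdir"

  # Exactly one app bundle is expected; refuse anything else instead of
  # letting the glob expand to several paths in the commands below.
  apps=("$workdir"/Payload/*.app)
  if [ "${#apps[@]}" -ne 1 ]; then
    printf 'expected exactly one Payload/*.app in %s, found %d\n' \
      "$IPA" "${#apps[@]}" >&2
    exit 1
  fi
  app=${apps[0]}

  # remove the signature
  rm -rf -- "$app/_CodeSignature"
  # replace the provision
  cp -- "$PROVISION" "$app/embedded.mobileprovision"

  # sign with the new certificate
  # (--resource-rules has been deprecated since OS X Yosemite (10.10) and can
  # safely be removed; it is only passed when the bundle still ships the plist)
  sign_args=(-f -s "$CERTIFICATE")
  if [ -f "$app/ResourceRules.plist" ]; then
    sign_args+=(--resource-rules "$app/ResourceRules.plist")
  fi
  /usr/bin/codesign "${sign_args[@]}" "$app"
  # Fail here, not at install time, if the new signature does not validate.
  /usr/bin/codesign --verify "$app"

  # zip it back up; remove any previous output first because zip updates an
  # existing archive in place and would keep entries from the old one
  rm -f -- "$out"
  (cd "$workdir" && zip -qr "$out" Payload)
)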
Or run iReSign:
put your ipa in the first field,
put your provisioning file in the 2nd,
leave the 3rd blank,
put your bundle id in the 4th,
select your cert from the keychain