Wednesday, March 15, 2017

install SSL cert for java



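// Import the CA certificate into the cacerts truststore under the alias DigiCertApiCA.
// "cacerts" is a relative path, so it resolves against the current directory: run this from the
// folder that holds the truststore (the next command shows ...\lib\security). If the file is not
// found, keytool creates a new keystore there and the JVM never reads it.
// keytool prints the certificate and asks whether to trust it; compare the fingerprint with the
// value published by the CA before answering yes.
keytool -keystore cacerts -importcert -alias DigiCertApiCA -file C:\Admin\certs\DigiCertCA.crt

// Change the truststore password; keytool prompts for the current and the new password.
keytool -storepasswd -keystore "C:\Program Files\Java\jre1.6.0_03\lib\security\cacerts"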

https://support.quovadisglobal.com/kb/a401/how-do-i-generate-a-csr-for-jboss-using-keytool.aspx


------------------------------------- create cert for wildfly----------------------------------------------------
// How to create the private key and the certificate request (CSR) file.
// First of all, download the OpenSSL tool from a source you trust and save it somewhere on the machine.
// Steps to create the key and the CSR file:
// 1. point OpenSSL at its configuration file
set OPENSSL_CONF=C:\Admin\OpenSSL\bin\openssl.cnf
// 2. generate a 2048-bit RSA private key. No cipher option is given, so the .key file is written
//    without a passphrase: keep the folder's ACL limited to the accounts that need the key.
openssl genrsa -out C:\Admin\certopenssl\dshsapoly3uat01.key 2048
// 3. create the CSR for that key, signed with SHA-256 (subject fields come from the prompts or from openssl.cnf)
openssl req -new -sha256 -key C:\Admin\certopenssl\dshsapoly3uat01.key -out C:\Admin\certopenssl\dshsapoly3uat01.csr
// This command only displays the CSR so the subject and key size can be checked; it is not a necessary step.
openssl req -noout -text -in C:\Admin\certopenssl\dshsapoly3uat01.csr


// Send your CSR to WaTech or any other CA and get the .cer files back from your CA before running the following commands.
// Only the CSR is sent; the .key file never leaves the machine.
// Create the PFX (PKCS#12) file that bundles the private key with the issued certificate.
// -inkey points at the WildFly configuration folder while the key was generated under C:\Admin\certopenssl,
// so the key has to be copied there first; remove that copy once the keystore has been built.
// openssl asks for an export password. It protects the key inside the .pfx and is the source
// keystore password that keytool asks for when the .pfx is imported.
openssl pkcs12 -export -out C:\Programs\wildfly-10.1.0.Final\domain-host1\configuration\dshsapoly3uat01.pfx -inkey C:\Programs\wildfly-10.1.0.Final\domain-host1\configuration\dshsapoly3uat01.key -in C:\Programs\wildfly-10.1.0.Final\domain-host1\configuration\dshsapoly3uat01.cer

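// Create the Java keystore by converting the PFX file to JKS.
// keytool prompts for a new destination keystore password and for the PFX export password.
"C:\Programs\jdk1.8.0_121\bin\keytool" -importkeystore -srckeystore dshsapoly3uat01.pfx -srcstoretype pkcs12 -destkeystore dshsapoly3uat01.jks -deststoretype JKS

// Change the alias if necessary (the entry imported from the PFX carries a generated alias like the one below).
// -keypass and -storepass put the passwords on the command line, so they stay in the console history
// and in any script or note the command is pasted into. Leave both options out and keytool prompts instead.
"C:\Programs\jdk1.8.0_121\bin\keytool" -changealias -alias "te-93ac6810-4331-41b9-b99a-efd06df5ec5b" -destalias "uat01" -keypass uat01pass -keystore dshsapoly3uat01.jks -storepass changed
// Change the private key password (keypass); keytool prompts for the store password and the old and new key passwords.
"C:\Programs\jdk1.8.0_121\bin\keytool" -keypasswd -alias uat01  -keystore dshsapoly3uat01.jks

// View your keystore file and check the alias name in the file.
// The keystore listed is the one built above (dshsapoly3uat01.jks), not a keystore of another host.
"C:\Programs\jdk1.8.0_121\bin\keytool" -v -list -keystore dshsapoly3uat01.jks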

------------------------------------some extra docs----------------------------------------------
// Alternative route: keytool generates the key pair inside the keystore, so no separate .key file exists on disk.
// Generate a 2048-bit RSA key pair under the alias "server", with the host name as CN. keytool prompts for the passwords.
"C:\Programs\jdk1.8.0_121\bin\keytool" -genkey -alias server -keyalg RSA -keysize 2048 -keystore dshsapoly3uat01.jks -dname "CN=dshsapoly3uat01.dshs.wa.lcl, OU=CATS, O=DSHS, L=Olympia, ST=WA, C=US"
// Write the CSR for the "server" key to dshsapoly3uat01.csr; this is the file that goes to the CA.
"C:\Programs\jdk1.8.0_121\bin\keytool" -certreq -alias server -file dshsapoly3uat01.csr -keystore dshsapoly3uat01.jks
// Import the issued certificate into application.keystore under the alias dshsapoly3uat01.
// application.keystore holds no private key under that alias on this page, so the certificate is stored as a trusted entry.
"C:\Programs\jdk1.8.0_121\bin\keytool" -import -trustcacerts -alias dshsapoly3uat01 -file dshsapoly3uat01.cer -keystore application.keystore


// The same key pair and CSR steps for the second host, dshsapoly3uat02.
"C:\Programs\jdk1.8.0_121\bin\keytool" -genkey -alias server -keyalg RSA -keysize 2048 -keystore dshsapoly3uat02.jks -dname "CN=dshsapoly3uat02.dshs.wa.lcl, OU=CATS, O=DSHS, L=Olympia, ST=WA, C=US"
"C:\Programs\jdk1.8.0_121\bin\keytool" -certreq -alias server -file dshsapoly3uat02.csr -keystore dshsapoly3uat02.jks

// List every entry of the keystore in detail (alias, entry type, certificate chain, fingerprints).
"C:\Programs\jdk1.8.0_121\bin\keytool" -v -list -keystore dshsapoly3uat01.jks

// Remove the entry "server" from application.keystore.
// -storepass on the command line leaves the password in the console history; omit it and keytool prompts.
keytool -delete -alias server -keystore application.keystore -storepass password

// Import the CA-issued certificate under the alias of the key pair ("server"), so that keytool
// attaches it to the private key as the certificate reply. With -trustcacerts keytool also uses
// the JVM's cacerts when it builds the chain; if the chain cannot be built, import the CA's
// root and intermediate certificates first.
"C:\Programs\jdk1.8.0_121\bin\keytool" -import -trustcacerts -alias server -file dshsapoly3uat01.cer -keystore dshsapoly3uat01.jks




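// How to create the key and the request file (condensed copy of the steps above).
set OPENSSL_CONF=C:\Admin\OpenSSL\bin\openssl.cnf
// 2048-bit RSA key, written without a passphrase: keep the folder's ACL limited to the accounts that need it.
openssl genrsa -out C:\Admin\certopenssl\dshsapoly3uat01.key 2048
// CSR signed with SHA-256, followed by a dump of the CSR for checking.
openssl req -new -sha256 -key C:\Admin\certopenssl\dshsapoly3uat01.key -out C:\Admin\certopenssl\dshsapoly3uat01.csr
openssl req -noout -text -in C:\Admin\certopenssl\dshsapoly3uat01.csr
// After the CA has returned the .cer: bundle key and certificate into a PFX (openssl asks for an export password).
openssl pkcs12 -export -out C:\Programs\wildfly-10.1.0.Final\domain-host1\configuration\dshsapoly3uat01.pfx -inkey C:\Programs\wildfly-10.1.0.Final\domain-host1\configuration\dshsapoly3uat01.key -in C:\Programs\wildfly-10.1.0.Final\domain-host1\configuration\dshsapoly3uat01.cer

// Convert the PFX into a JKS keystore, then list that same keystore to check the alias.
"C:\Programs\jdk1.8.0_121\bin\keytool" -importkeystore -srckeystore dshsapoly3uat01.pfx -srcstoretype pkcs12 -destkeystore dshsapoly3uat01.jks -deststoretype JKS
"C:\Programs\jdk1.8.0_121\bin\keytool" -v -list -keystore dshsapoly3uat01.jks

// NOTE(review): this export has no -inkey, so openssl looks for the private key inside the .cer
// file itself. A certificate file returned by a CA normally holds no key; confirm what this command
// was meant to produce. The export above, with -inkey, is the one that yields a key+certificate bundle.
openssl pkcs12 -export -in C:\Programs\wildfly-10.1.0.Final\domain-host1\configuration\dshsapoly3uat01.cer -out C:\Programs\wildfly-10.1.0.Final\domain-host1\configuration\dshsapoly3uat01.p12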

-------------------------------install cert to jvm keystore (cacerts)-------------------------------------------
// Every certificate imported here becomes a trust anchor for all applications running on this JVM,
// so check each file first: keytool -printcert -file <cert> shows the fingerprint to compare with the
// value published by the issuing CA.
// "changeit" is the stock cacerts password and is publicly known; the truststore is protected by
// the file's ACL, not by this password.
// NOTE(review): in a standard JDK 8 layout the truststore is jre\lib\security\cacerts under the JDK
// folder. Confirm the path below is the file the JVM actually reads: if it does not exist, keytool
// creates a new keystore there and the JVM never sees the imported entries.

// Add the WACA01 and WACA02 certificates (kept in the ldaps folder) under matching aliases.
"C:\Programs\jdk1.8.0_121\bin\keytool" -importcert -file C:\Admin\certs\ldaps\WACA01.cer -alias WACA01 -keystore "C:\Programs\jdk1.8.0_121\lib\security\cacerts" -storepass changeit
"C:\Programs\jdk1.8.0_121\bin\keytool" -importcert -file C:\Admin\certs\ldaps\WACA02.cer -alias WACA02 -keystore "C:\Programs\jdk1.8.0_121\lib\security\cacerts" -storepass changeit

// Write the verbose listing of the truststore to a text file to confirm that the new entries are present.
"C:\Programs\jdk1.8.0_121\bin\keytool"  -v -list -keystore "C:\Programs\jdk1.8.0_121\lib\security\cacerts" > C:\Admin\certs\ldaps\WACA.txt



// Three more imports into the same truststore, one alias per certificate file.
"C:\Programs\jdk1.8.0_121\bin\keytool" -importcert -file "C:\Programs\certs\DigiCert Global Root CA.cer" -alias "digicertglobalrootca [jdk]" -keystore "C:\Programs\jdk1.8.0_121\lib\security\cacerts" -storepass changeit
"C:\Programs\jdk1.8.0_121\bin\keytool" -importcert -file "C:\Programs\certs\api_ca_dshs_wa_gov.crt" -alias "api_ca_dshs_wa_gov" -keystore "C:\Programs\jdk1.8.0_121\lib\security\cacerts" -storepass changeit
"C:\Programs\jdk1.8.0_121\bin\keytool" -importcert -file "C:\Programs\certs\DigiCertCA.crt" -alias "DigiCertCA" -keystore "C:\Programs\jdk1.8.0_121\lib\security\cacerts" -storepass changeit

// Delete the entry with the alias "digicertglobalrootca [jdk]" from the truststore.
// No -storepass is given, so keytool asks for the password.
"C:\Programs\jdk1.8.0_121\bin\keytool" -delete -noprompt -trustcacerts -alias "digicertglobalrootca [jdk]" -keystore "C:\Programs\jdk1.8.0_121\lib\security\cacerts"

----------------------------------------------------------------------------------------------------
// Create a new 2048-bit RSA key and the CSR for "famlink" in one step. The request extensions are
// read from the req_ext section of openssl.cnf (presumably the subject alternative names; check that section).
// -nodes writes famlink.key without a passphrase: keep the folder's ACL limited to the accounts that
// need the key, and remove the file from this folder once the key is inside the server keystore.
openssl req -new -nodes -newkey rsa:2048 -config C:\Admin\OpenSSL\bin\openssl.cnf -reqexts req_ext -keyout C:\Admin\certopenssl\famlink.key -out C:\Admin\certopenssl\famlink.csr





