Thursday, March 2, 2023

code signing and SSL/TLS certificates — keytool, OpenSSL and signtool notes

"C:\Programs\jdk1.8.0_121\bin\keytool" -genkey -alias server -keyalg RSA -keysize 2048 -keystore dshsapoly3uat01.jks -dname "CN=dshsapoly3uat01.dshs.wa.lcl, OU=CATS, O=DSHS, L=Olympia, ST=WA, C=US"

"C:\Programs\jdk1.8.0_121\bin\keytool" -certreq -alias server -file dshsapoly3uat01.csr -keystore dshsapoly3uat01.jks

"C:\Programs\jdk1.8.0_121\bin\keytool" -import -trustcacerts -alias dshsapoly3uat01 -file dshsapoly3uat01.cer -keystore application.keystore

------------------------------------------------------------------------------------------------------------------------

"C:\Programs\jdk1.8.0_121\bin\keytool" -genkey -alias server -keyalg RSA -keysize 2048 -keystore dshsapoly3uat02.jks -dname "CN=dshsapoly3uat02.dshs.wa.lcl, OU=CATS, O=DSHS, L=Olympia, ST=WA, C=US"

"C:\Programs\jdk1.8.0_121\bin\keytool" -certreq -alias server -file dshsapoly3uat02.csr -keystore dshsapoly3uat02.jks

"C:\Programs\jdk1.8.0_121\bin\keytool" -v -list -keystore dshsapoly3uat01.jks

keytool -delete -alias server -keystore application.keystore -storepass password

"C:\Programs\jdk1.8.0_121\bin\keytool" -import -trustcacerts -alias server -file dshsapoly3uat01.cer -keystore dshsapoly3uat01.jks

--------------------------------------------------------------------------------------------------------------------------

// how to create key and request file

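REM Point OpenSSL at its configuration file (Windows builds often cannot locate openssl.cnf on their own).
set OPENSSL_CONF=C:\Admin\OpenSSL\bin\openssl.cnf

REM 2048-bit RSA private key. genrsa writes it UNENCRYPTED: restrict the file ACL, and delete it once it
REM has been packed into the PFX below (or add -aes256 here to passphrase-protect it on disk).
openssl genrsa -out C:\Admin\certopenssl\dshsapoly3uat01.key 2048

REM CSR over that key (prompts for the DN from openssl.cnf). For a TLS certificate the host name must be
REM in the subjectAltName: add -addext "subjectAltName=DNS:dshsapoly3uat01.dshs.wa.lcl" (OpenSSL 1.1.1+)
REM or a req_extensions section in the config, otherwise the CA may issue a CN-only certificate.
openssl req -new -sha256 -key C:\Admin\certopenssl\dshsapoly3uat01.key -out C:\Admin\certopenssl\dshsapoly3uat01.csr

REM Optional: inspect the CSR (subject, key size, requested extensions) before sending it to the CA.
openssl req -noout -text -in C:\Admin\certopenssl\dshsapoly3uat01.csr

REM Pack key + CA-issued certificate into a PFX (prompts for the export password). -name sets the PKCS12
REM friendlyName, which keytool -importkeystore later uses as the alias instead of an auto-generated
REM "te-<uuid>" one. Note the key is read from the WildFly configuration directory, so copy the .key
REM generated above there first (or point -inkey at C:\Admin\certopenssl). Add -certfile <intermediates.cer>
REM so the server presents the full chain, not just the leaf.
openssl pkcs12 -export -name dshsapoly3uat01 -out C:\Programs\wildfly-10.1.0.Final\domain-host1\configuration\dshsapoly3uat01.pfx -inkey C:\Programs\wildfly-10.1.0.Final\domain-host1\configuration\dshsapoly3uat01.key -in C:\Programs\wildfly-10.1.0.Final\domain-host1\configuration\dshsapoly3uat01.cer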


"C:\Programs\jdk1.8.0_121\bin\keytool" -importkeystore -srckeystore dshsapoly3uat01.pfx -srcstoretype pkcs12 -destkeystore dshsapoly3uat01.jks -deststoretype JKS

"C:\Programs\jdk1.8.0_121\bin\keytool" -v -list -keystore dshsapoly3flp01.jks


openssl pkcs12 -export -in C:\Programs\wildfly-10.1.0.Final\domain-host1\configuration\dshsapoly3uat01.cer -out C:\Programs\wildfly-10.1.0.Final\domain-host1\configuration\dshsapoly3uat01.p12

-------------------------------------------------------------------------------------------------------------

// how to create key and request file for code signing certificate

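REM Code-signing key + CSR in one step, using the DN and extensions from codesign.cnf (prompts for the DN
REM and for a key passphrase). -nodes is intentionally NOT used: it would silently override the
REM encrypt_key = yes in codesign.cnf and leave the signing key unencrypted on disk, which is the one
REM thing a code-signing key must never be.
openssl req -new -newkey rsa:2048 -keyout C:\Admin\certs\ocx\codesign\eWiSACWISCodeSign.key -sha256 -out C:\Admin\certs\ocx\codesign\eWiSACWISCodeSign.csr -config codesign.cnf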

// how to generate a self-signed certificate (test/lab use only; it will not be trusted by other machines until its certificate is installed as a trusted root)

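REM Self-sign the CSR for a test certificate. "openssl x509 -req" ignores the extensions carried in the
REM CSR, so the keyUsage / extendedKeyUsage from codesign.cnf are re-applied with -extfile/-extensions;
REM without them the certificate has no codeSigning EKU and tooling that selects or validates on that
REM EKU may reject it. Note this uses the eWiSACWISCodeSign1 key/CSR pair, a different set of files
REM from the eWiSACWISCodeSign pair produced by the request command above.
openssl x509 -req -days 365 -in C:\Admin\certs\ocx\codesign\eWiSACWISCodeSign1.csr -signkey C:\Admin\certs\ocx\codesign\eWiSACWISCodeSign1.key -sha256 -extfile codesign.cnf -extensions codesign_reqext -out C:\Admin\certs\ocx\codesign\eWiSACWISCodeSign1.cer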

// code sign ocx, exe, cab, etc

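REM Sign the control. /fd sha256 selects the file digest (older signtool versions default to SHA-1, and
REM SHA-1 Authenticode signatures are deprecated on Windows). /tr + /td sha256 request an RFC 3161
REM timestamp instead of the legacy Authenticode /t service, so the signature stays valid after the
REM certificate expires. /p puts the PFX password into the command history and the process list:
REM prefer importing the PFX into the user's certificate store and selecting the certificate with
REM /n <subject name> or /sha1 <thumbprint> instead of /f + /p.
Signtool sign /debug /fd sha256 /f eWiSACWIS.pfx /p changeit /tr http://timestamp.digicert.com /td sha256 SacwisDocumentAutomation.ocx

REM Verify the signature. /a tries all applicable verification policies; add /v for the chain details.
REM A self-signed test certificate fails verification until its root is trusted on this machine.
signtool verify /a SacwisDocumentAutomation.ocx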

============================ codesign.cnf ==================================

# codesign.cnf - defaults for "openssl req -config codesign.cnf" when building the code-signing CSR.

[ req ]
# RSA key size in bits
default_bits = 2048
# Passphrase-protect the generated private key (-nodes on the command line silently overrides this)
encrypt_key = yes
# Digest used to sign the CSR
default_md = sha256
# Read input as UTF-8 and emit only UTF-8 strings in the DN
utf8 = yes
string_mask = utf8only
# Ask for the DN interactively. With prompt = yes, the values in codesign_dn are the prompt labels,
# not preset values; use commonName_default to preset one.
prompt = yes
distinguished_name = codesign_dn
# Extensions to request in the CSR (the issuing CA decides which of them it honours)
req_extensions = codesign_reqext

[ codesign_dn ]
commonName = Department of Social and Health Services
commonName_max = 64

[ codesign_reqext ]
# Signature-only key, restricted to code signing; both marked critical so relying parties must honour them
keyUsage = critical,digitalSignature
extendedKeyUsage = critical,codeSigning
subjectKeyIdentifier = hash

=====================================================================




---------------------------------------------------------

// how to create key and request file

// first of all, download the OpenSSL tool from a trusted source (verify the download's checksum or signature) and save it somewhere on the machine.

// steps to create key and cert request file.

REM Point OpenSSL at its configuration file (Windows builds often cannot locate openssl.cnf on their own).
set OPENSSL_CONF=C:\Admin\OpenSSL\bin\openssl.cnf

REM 2048-bit RSA private key. genrsa writes it UNENCRYPTED: restrict the file ACL and delete it once it
REM has been packed into the PFX (or add -aes256 to passphrase-protect it on disk).
openssl genrsa -out C:\Admin\certopenssl\dshsapoly3uat01.key 2048

REM CSR over that key (prompts for the DN from openssl.cnf). For a TLS certificate the host name must be
REM in the subjectAltName: add -addext "subjectAltName=DNS:dshsapoly3uat01.dshs.wa.lcl" (OpenSSL 1.1.1+)
REM or a req_extensions section in the config, otherwise the CA may issue a CN-only certificate.
openssl req -new -sha256 -key C:\Admin\certopenssl\dshsapoly3uat01.key -out C:\Admin\certopenssl\dshsapoly3uat01.csr

// this command only displays the CSR (subject, key size, requested extensions) so you can check it before submission; it is not a required step

REM Decode the CSR and print it; -noout suppresses the PEM block.
openssl req -noout -text -in C:\Admin\certopenssl\dshsapoly3uat01.csr



// send your CSR to WaTech or another CA; you need the issued certificate (.cer) — and ideally the CA's intermediate chain — back from the CA before running the following commands. Only the CSR leaves the machine; the .key file never does.

//create pfx file 

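REM Pack key + CA-issued certificate into a PFX (prompts for the export password). -name sets the PKCS12
REM friendlyName, which keytool -importkeystore later uses as the alias instead of an auto-generated
REM "te-<uuid>" one. The key is read from the WildFly configuration directory, so copy the generated .key
REM there first (or point -inkey at C:\Admin\certopenssl). Add -certfile <intermediates.cer> so the
REM server presents the full chain.
openssl pkcs12 -export -name dshsapoly3uat01 -out C:\Programs\wildfly-10.1.0.Final\domain-host1\configuration\dshsapoly3uat01.pfx -inkey C:\Programs\wildfly-10.1.0.Final\domain-host1\configuration\dshsapoly3uat01.key -in C:\Programs\wildfly-10.1.0.Final\domain-host1\configuration\dshsapoly3uat01.cer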


// create keystore

"C:\Programs\jdk1.8.0_121\bin\keytool" -importkeystore -srckeystore dshsapoly3uat01.pfx -srcstoretype pkcs12 -destkeystore dshsapoly3uat01.jks -deststoretype JKS


// change the alias if necessary — a PFX imported with keytool takes its PKCS12 friendlyName as the alias, which is often an auto-generated "te-<uuid>" value like the one below

"C:\Programs\jdk1.8.0_121\bin\keytool" -changealias -alias "te-93ac6810-4331-41b9-b99a-efd06df5ec5b" -destalias "uat01" -keypass uat01pass -keystore dshsapoly3uat01.jks -storepass changed

// change the private key password (keypass); keytool prompts for the store password, the current key password and the new one

"C:\Programs\jdk1.8.0_121\bin\keytool" -keypasswd -alias uat01  -keystore dshsapoly3uat01.jks


// view your keystore file and check the alias name in the file

"C:\Programs\jdk1.8.0_121\bin\keytool" -v -list -keystore dshsapoly3flp01.jks

