So I've an appliance that uses SSL certs for different functions.
I generated a CSR using keytool using these commands:
keytool -genkey -alias tomcat -keyalg RSA -keystore /opt/msw/data/keystore -storepass changeit
keytool -certreq -alias tomcat -keyalg RSA -keystore /opt/msw/data/keystore -storepass changeit -file /root/certreq.csr
Which generated the CSR that I used to download the cert, then I installed it using
"keytool -import -alias tomcat -trustcacerts -keystore /opt/msw/data/keystore -storepass changeit -file /root/server.cert"
So far, so good.
However, one component that uses SSL requires both the certificate and the private key, which of course I don't have - and I don't see an obvious way using keytool to export the private key from Tomcat, is there one please?
-
Believe it or not, this functionality is not supported in keytool. The best solution I have found so far is the software and instructions available for download on this Web site.
I usually generate the key using openssl and then use this method to import the key, as that is not supported by keytool either.
To generate a 2048 bit key:
openssl genrsa -out host.domain.com.key 2048
To create a keystore from this key:
KEY=host.domain.com
openssl pkcs8 -topk8 -nocrypt -in $KEY.key -inform PEM -out key.der -outform DER
openssl x509 -in $KEY.crt -inform PEM -out cert.der -outform DER
wget http://www.agentbob.info/agentbob/81/version/default/part/AttachmentData/data/ImportKey.class
java ImportKey key.der cert.der
Hutch : Perfect, seems to have done the job just fine - thank you.
From Warner
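An added example, not part of the original question or answer: keytool will not write a private key to a file by itself, but it can convert a keystore entry to PKCS#12, which openssl can then unpack and check against the certificate. The function names are hypothetical, and the sketch assumes a JDK 6+ keytool and a key password equal to the store password.

```shell
#!/usr/bin/env bash
# Added example. Function names are hypothetical; keystore path, alias and
# password are the ones used in the question above.

# 1. Copy one entry from the Java keystore into a PKCS#12 file (needs keytool
#    from JDK 6+). Assumes the key password equals the store password.
jks_to_p12() {   # usage: jks_to_p12 <keystore> <alias> <password> <out.p12>
  keytool -importkeystore -noprompt \
    -srckeystore "$1" -srcstorepass "$3" -srcalias "$2" \
    -destkeystore "$4" -deststoretype PKCS12 \
    -deststorepass "$3" -destkeypass "$3"
}

# 2. Unpack the PKCS#12 file into an unencrypted PEM key and a PEM certificate.
p12_to_pem() {   # usage: p12_to_pem <in.p12> <password> <out.key> <out.crt>
  # umask 077: the key file is created readable by its owner only.
  ( umask 077
    openssl pkcs12 -in "$1" -passin "pass:$2" -nocerts -nodes |
      openssl pkey -out "$3" ) || return 1
  openssl pkcs12 -in "$1" -passin "pass:$2" -clcerts -nokeys |
    openssl x509 -out "$4"
}

# 3. Confirm the exported key belongs to the certificate: both must yield the
#    same public key. Empty output (a failed read) never counts as a match.
key_matches_cert() {   # usage: key_matches_cert <key.pem> <cert.pem>
  kmc_key=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
  kmc_crt=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
  [ -n "$kmc_key" ] && [ "$kmc_key" = "$kmc_crt" ]
}

# Runs only when called with arguments, e.g.:
#   ./export-key.sh /opt/msw/data/keystore tomcat changeit
if [ "$#" -eq 3 ]; then
  jks_to_p12 "$1" "$2" "$3" "$2.p12" &&
    p12_to_pem "$2.p12" "$3" "$2.key" "$2.crt" &&
    key_matches_cert "$2.key" "$2.crt" &&
    echo "exported $2.key and $2.crt (key matches certificate)"
fi
```

If OpenSSL 3.x rejects a PKCS#12 file written by an older JDK, add `-legacy` to the `openssl pkcs12` calls. Delete the intermediate `.p12` file once the key has been installed where the component needs it.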