I have been involved a lot in Hyperion admin activities from last 2 years and today I am writing a small note on following topics:
D:\<JAVA installation path>\jdk1.7.0_181\bin\keytool -genkeypair -alias <alias_name> -keyalg RSA -keysize 2048 -sigalg SHA256withRSA -validity 365 -keypass <password> -keystore <name_of_keystore> -storepass password -dname "CN=test_server.net,C=<country_detail>,O=<Organization_detail>,OU=<organzation_unit>,L=<location>,ST=<state_code>"
Once you receive signed certificate from certificate sign authority now its time to import it in the keystore generated by you in the first step:
Keep certificate file in the same directory as keystore and use below command to generate import certificate:
D:\<JAVA installation path>\jdk1.7.0_181\bin\keytool -import -alias <alias you mentioned in first step> -file <signed certificate file name>.cer -keystore <keystore name>
- How to create keystore to use ssl certificates for secure connections
- How to request certificates from verified providers
- How to import certificates in keystore
- Converting Keystore to Wallet
How to create keystore:
In simple words keystore is like a key repository which is use to store public and private keys. In order to request for a authorized trusted certificated for your application you need to first create a keystore.
Consider server name where application is hosted is test_server.net then you can use below command to create keystore:
In the above command replace the values as per your environment and it will generate a keystore in current directory.
Note: Keep this keystore safe as the requested certificate can only be imported in the keystore from which CSR will be generated.
How to request for Certificate:
After creating keystore now its time to generate a CSR (certificate sign request) to request signed certificate from certificate trust authorities like symantec, godady, rapidssl etc.
Please run below command to generate CSR:
D:\<JAVA installation path>\jdk1.7.0_181\bin\keytool -certreq -alias <alias you mentioned in previous step>-sigalg SHA256withRSA -keystore <keystore name> -file <any_name>.csr
Above command will generate a .csr file which you can share with certificate sign authority to get a certificate issue for your application/server.
Please run below command to generate CSR:
D:\<JAVA installation path>\jdk1.7.0_181\bin\keytool -certreq -alias <alias you mentioned in previous step>-sigalg SHA256withRSA -keystore <keystore name> -file <any_name>.csr
Above command will generate a .csr file which you can share with certificate sign authority to get a certificate issue for your application/server.
How to import certificate in keystore:
Once you receive signed certificate from certificate sign authority now its time to import it in the keystore generated by you in the first step:
Keep certificate file in the same directory as keystore and use below command to generate import certificate:
D:\<JAVA installation path>\jdk1.7.0_181\bin\keytool -import -alias <alias you mentioned in first step> -file <signed certificate file name>.cer -keystore <keystore name>
System will ask you for the keystore password so provide the password which you use while creating keystore
NOTE: You may need to import chain and root level certificates in the keystore as per your company security policies to authenticate at different levels in network and you can do the same by following above process.
Converting Keystore to Wallet:
Many applications like some oracle application use wallets to authenticate client request.
To generate wallet from jave key store use following commands:
Command to generate wallet after setting JAVA_HOME
> set JAVA_HOME=D:\Oracle\Middleware\jdk1.7.0_181
> D:\Oracle\Middleware\oracle_common\bin\orapki wallet create -wallet D:\Oracle\SSL\ -pwd <wallet password>
Importing java key store content to wallet:
>D:\Oracle\Middleware\oracle_common\bin\orapki wallet jks_to_pkcs12 -wallet D:\Oracle\SSL\ -pwd <wallet password> -keystore D:\Oracle\SSL\<java keystore name> -jkspwd <java keystore password>
Generate wallet sso file for automatic authentication:
>D:\Oracle\Middleware\oracle_common\bin\orapki wallet create -wallet D:\Oracle\SSL\ -auto_login
Enter wallet password when system will prompt for password and above command will generate a .sso file.
Now you are all set to copy java keystore and wallet wherever require to configure application
Please share your valuable feedback as it will help me improving my future posts.
No comments:
Post a Comment