![]() ![]() Keytool -importkeystore -srckeystore /etc/tomcat8/keystore/12 -srcstoretype pkcs12 -srcstorepass HERETHEPASSWORD -destkeystore /etc/tomcat8/keystore/ -deststoretype jks -deststorepass HERETHEPASSWORDģ. Openssl pkcs12 -export -in /etc/letsencrypt/live//fullchain.pem -inkey /etc/letsencrypt/live//privkey.pem -out /etc/tomcat8/keystore/12 -password pass:HERETHEPASSWORDĢ.- Import pkcs12 store into a keystore (change HERETHEPASSWORD with the password used in previous command): Once you have identified the right cert, you need to recreate the keystore with the new key and cert.Ġ.- Create a dir to store your keystore, I’m using /etc/tomcat8/keystore/ for this example, you should use the path that you want.ġ.- Create a pkcs12 store (change HERETHEPASSWORD with the password you want): Note: even though the intermediates are in the certificate files they are not trusted by the keystore until the intermediate certificate is in the store.Ĭonverting Standard certbot artifacts to a JKS If we run the commands again we will not get warnings as the intermediate is in the keystore. Keytool -import -trustcacerts -alias LE_INTERMEDIATE -file. We can download the Let’s Encrypt X3 Intermediate and add it to the store using the following command If DevTest is not installed, you will find keytool under your JAVAHOME/bin folder. If you have DevTest installed, you will find keytool under the DEVTESTHOME/jre/bin folder. You can say yes to force the keytool to accept the certificate however there is a different ways of also dealing with this error Open a command prompt and go to the directory where keytool is available. Keytool -importcert -alias san-cert -keystore letsencrypt.jks -storepass test12345 -file. Keytool -importcert -alias simple-cert -keystore letsencrypt.jks -storepass test12345 -file. ![]() The key to adding the certs is associating them with the keys There are several methods that you can use but I found the following the most simple: Export your key, certificate and ca-certificate into a PKCS12 bundle via openssl pkcs12 -export -in my.crt -inkey my.key -chain -CAfile my-ca-file.crt -name '' -out my. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |