Friday 30 August 2019

Checking CSR Validity

You can use the link below to validate a CSR:


https://ssltools.digicert.com/checker/views/csrCheck.jsp

Thursday 29 August 2019

Generate a JKS (Key Store)



Create a KeyStore:

keytool -genkey -alias mydomain -keyalg RSA -keystore KeyStore.jks -keysize 2048


Generate a CSR:


keytool -certreq -alias mydomain -keystore KeyStore.jks -file mydomain.csr


Import the root & intermediate certificates into your keystore:


keytool -import -trustcacerts -alias root -file root.crt -keystore KeyStore.jks


keytool -import -trustcacerts -alias intermediate -file intermediate.crt -keystore KeyStore.jks


Store and import your new certificate:


keytool -import -trustcacerts -alias mydomain -file mydomain.crt -keystore KeyStore.jks

Generate an SSL Certificate (Self-Signed)


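Step 1: Generate a Private Key

Use a key of at least 2048 bits; 1024-bit RSA is no longer considered secure.

openssl genrsa -des3 -out mykey.key 2048
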
Step 2: Generate a CSR

openssl req -new -key mykey.key -out certificate.csr
Country Name (2 letter code) [GB]: UK
State or Province Name (full name) [Berkshire]:London
Locality Name (eg, city) [Newbury]:London City
Organization Name (eg, company) [My Company Ltd]:Test Corp
Organizational Unit Name (eg, section) []:IT
Common Name (eg, your name or your server's hostname) []:test.abc.com
Email Address []:test@abc.com
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
Step 3: Remove the Passphrase from Key

To stop Apache or another web server from asking for the passphrase every time it restarts, you can remove the passphrase from the key. Make sure the unencrypted key file is properly protected, readable only by the account that needs it, so that the key is not lost through unauthorised access to the server.

cp mykey.key mykey.key.org
openssl rsa -in mykey.key.org -out mykey.key

Step 4: Generate a Self-Signed Certificate

Generate a temporary certificate that is valid for 365 days:

openssl x509 -req -days 365 -in certificate.csr -signkey mykey.key -out certificate.crt
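
Before installing the files from Steps 1 to 4, it is worth confirming offline that the CSR signature verifies, the key is large enough, and the key, CSR and certificate all carry the same public key. The script below is an added example, not part of the original post; the function names, the sample subject and the temporary directory are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example (not from the original post): offline checks for the files
# produced in Steps 1-4. Function names and sample values are assumptions.

# SHA-256 of the public key held in a private key, CSR or certificate.
pubkey_hash() {  # usage: pubkey_hash key|csr|crt FILE
    case "$1" in
        key) openssl pkey -in "$2" -pubout 2>/dev/null ;;
        csr) openssl req  -in "$2" -noout -pubkey 2>/dev/null ;;
        crt) openssl x509 -in "$2" -noout -pubkey 2>/dev/null ;;
    esac | openssl dgst -sha256 | awk '{print $NF}'
}

# Key size in bits as recorded in the CSR.
csr_key_bits() {
    openssl req -in "$1" -noout -text 2>/dev/null |
        sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p'
}

# True when the CSR's self-signature verifies. The message is matched so the
# result does not depend on the exit status.
csr_signature_ok() {
    openssl req -in "$1" -noout -verify 2>&1 | grep -q "verify OK"
}

# Check one key/CSR/certificate set; expects the passphrase-free key of Step 3.
check_set() {  # usage: check_set KEY CSR CRT [MIN_BITS]
    key=$1 csr=$2 crt=$3 min=${4:-2048}
    csr_signature_ok "$csr" || { echo "FAIL: CSR signature invalid"; return 1; }
    bits=$(csr_key_bits "$csr")
    [ "${bits:-0}" -ge "$min" ] ||
        { echo "FAIL: key is ${bits:-0} bits, need >= $min"; return 1; }
    want=$(pubkey_hash csr "$csr")
    [ "$(pubkey_hash key "$key")" = "$want" ] &&
        [ "$(pubkey_hash crt "$crt")" = "$want" ] ||
        { echo "FAIL: key, CSR and certificate do not match"; return 1; }
    echo "OK: $bits-bit key; key, CSR and certificate match"
}

# Constructed throwaway sample mirroring Steps 1-4 (non-interactive).
make_sample() {  # usage: make_sample DIR
    openssl genrsa -out "$1/mykey.key" 2048 2>/dev/null &&
    openssl req -new -key "$1/mykey.key" -out "$1/certificate.csr" \
        -subj "/C=GB/O=Test Corp/CN=test.abc.com" &&
    openssl x509 -req -days 365 -in "$1/certificate.csr" \
        -signkey "$1/mykey.key" -out "$1/certificate.crt" 2>/dev/null
}

tmp=$(mktemp -d) && make_sample "$tmp" &&
    check_set "$tmp/mykey.key" "$tmp/certificate.csr" "$tmp/certificate.crt"
rm -rf "$tmp"
```

To check your own files, call check_set with the paths to mykey.key, certificate.csr and certificate.crt.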

Importing Certificates into a Java Key Store (JKS)

Whenever you are working with WebLogic and want to set up certificates, you will need to configure the Java Key Store (JKS), a file where certificates are stored.

You will first need either a self-signed certificate or an external certificate that you have requested from a third party such as GlobalSign.

Either way, you will get a .crt or .pem file that contains the certificate. Store this certificate in a known location on your server, for example /opt/certs/.

Also note down the keystore location that is currently configured in WebLogic: the full path shown under Custom Identity Keystore.

Listing of Certificates


keytool -list -keystore /keystore.jks -storepass ***

Importing a single certificate to a keystore

keytool -importcert -file newcert.pem -keystore /keystore.jks -storetype jks \
    -storepass *** -alias 

Importing a keystore (PKCS12) into a JKS

keytool -importkeystore -srckeystore cert-key.p12 -srcstoretype pkcs12 -srcstorepass *** -destkeystore /keystore.jks -deststoretype jks -deststorepass ***


After this has been imported into the JKS, you might need to restart the application server.