You can use below link to validate a CSR
https://ssltools.digicert.com/checker/views/csrCheck.jsp
Oracle&More
Friday 30 August 2019
Thursday 29 August 2019
Generate a JKS (Key Store)
Create a KeyStore:
keytool -genkey -alias mydomain -keyalg RSA -keystore KeyStore.jks -keysize 2048
Generate a CSR:
keytool -certreq -alias mydomain -keystore KeyStore.jks -file mydomain.csr
Import the root & intermediate certificates into your keystore:
keytool -import -trustcacerts -alias root -file root.crt -keystore KeyStore.jks
keytool -import -trustcacerts -alias intermediate -file intermediate.crt -keystore KeyStore.jks
Store and import your new certificate:
keytool -import -trustcacerts -alias mydomain -file mydomain.crt -keystore KeyStore.jks
Generate a SSL Certificate (Self Signed)
Step 1:
openssl genrsa -des3 -out mykey.key 1024
Step 2: Generate a CSR
openssl req -new -key mykey.key -out certificate.csr
Country Name (2 letter code) [GB]: UK
State or Province Name (full name) [Berkshire]:London
Locality Name (eg, city) [Newbury]:London City
Organization Name (eg, company) [My Company Ltd]:Test Corp
Organizational Unit Name (eg, section) []:IT
Common Name (eg, your name or your server's hostname) []:test.abc.com
Email Address []:test@abc.com
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
Step 3: Remove the Passphrase from Key
To avoid your Apache or your webserver asking the passphrase every time a reboot is required. you can remove the pass phrase. Please ensure this key file is properly protected to avoid loosing the key through unauthorised access to the server.
cp mykey.key mykey.key.org
openssl rsa -in mykey.key.org -out mykey.key
Step 4: Generate a Self-Signed Certificate
Generate a temporary certificate that is valid for 365 days, :
Importing Certificates in Java Key Store(JKS)
whenever you are working with Weblogic and want to setup Certificates, you will need to configure the Java Key store, a file where certificates are stored.
You will first needs either a self signed certificate or a external certificate that you have requested through a third party like GlobalSign, etc.
Either way you will get a .crt or .pem file which includes the certificate. Store this certificate in a known location on your server. For example: /opt/certs/
Listing of Certificates
keytool -list -keystore/keystore.jks -storepass ***
Importing a single certificate to a keystore
keytool -importcert -file newcert.pem -destkeystore/keystore.jks -deststoretype jks \ -deststorepass *** -alias
Importing a keystore (PKCS12) to a JKS
keytool -importkeystore -srckeystore cert-key.p12 -srcstoretype pkcs12 -srcstorepass *** keystore /keystore.jks -deststoretype jks -deststorepass ***
After this has been imported into the JKS, you might need a restart of the application server.
Subscribe to:
Posts (Atom)