Tuesday, February 12, 2019

Useful OpenSSL Commands

Generate new SSL private key and CSR file:
openssl req -new -newkey rsa:4096 -nodes -keyout mydomain.key -out mydomain.csr 

Convert RSA private key to PEM format:
openssl rsa -in mydomain.key -text > mydomain-key.pem

Convert key, cert and ca-bundle into pfx format to be imported into IIS:
(If the IIS server is Windows Server 2016, you must use OpenSSL 1.0.x to convert the CRT to PFX; otherwise the .pfx file import will fail with an "incorrect password" error.)
openssl pkcs12 -export -out mydomain.pfx -inkey mydomain.key -in mydomain.crt -certfile intermediateCA.crt

Convert everything into a Tomcat keystore file, such as for JIRA:

In Linux, concatenate all *.pem files (cert first, followed by the intermediate CA cert) into one pem file, like all.pem. Then create a keystore in p12 format from the private key + all.pem:

openssl pkcs12 -export -inkey private.key -in all.pem -name test -out test.p12

Then, on Windows, use the keytool included with Java to convert the p12 into a jks:

keytool -importkeystore -srckeystore test.p12 -srcstoretype pkcs12 -destkeystore test.jks

For Jira, the "name" given to -name becomes the keystore "alias"; use "jira" as the "name".

The path of keytool.exe in Windows is C:\Program Files\Java\jre7\bin

When done, list the content of the keystore file:

keytool -list -keystore test.jks
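
A check worth running before either pkcs12 -export step above: confirm that the private key and the certificate carry the same public key, and only then build the .p12. This is an added example, not part of the original post; the function names, the P12_PASS variable, the example.test subject and the throwaway self-signed certificate are constructed for the demo.

```shell
#!/bin/sh
# Added example, not from the original post. File names, subject and password
# are constructed; a throwaway self-signed cert stands in for the CA-issued one.

# Print the PEM public key held in a private key, CSR or certificate.
pubkey_of() {
  case "$1" in
    key)  openssl pkey -in "$2" -pubout ;;
    csr)  openssl req  -in "$2" -noout -pubkey ;;
    cert) openssl x509 -in "$2" -noout -pubkey ;;  # reads the first cert in the file
    *)    return 2 ;;
  esac 2>/dev/null
}

# Succeed only if the key and the certificate carry the same public key.
key_matches_cert() {
  k=$(pubkey_of key "$1") && c=$(pubkey_of cert "$2") || return 1
  [ -n "$k" ] && [ "$k" = "$c" ]
}

# Build the PKCS#12 only after the match check passes. The password is read
# from the P12_PASS environment variable so it stays off the command line.
# usage: make_p12 KEY CERT_CHAIN ALIAS OUT
make_p12() {
  key_matches_cert "$1" "$2" || { echo "key/cert mismatch: $1 $2" >&2; return 1; }
  openssl pkcs12 -export -inkey "$1" -in "$2" -name "$3" -out "$4" \
    -passout env:P12_PASS
}

demo() {
  d=$(mktemp -d) || return 1
  P12_PASS=changeit; export P12_PASS   # constructed demo password
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=example.test" \
    -keyout "$d/private.key" -out "$d/req.csr" 2>/dev/null || return 1
  openssl x509 -req -in "$d/req.csr" -signkey "$d/private.key" -days 1 \
    -out "$d/all.pem" 2>/dev/null || return 1
  openssl genrsa -out "$d/other.key" 2048 2>/dev/null || return 1
  make_p12 "$d/private.key" "$d/all.pem" jira "$d/test.p12" && echo "p12 written"
  make_p12 "$d/other.key" "$d/all.pem" jira "$d/bad.p12" 2>/dev/null \
    || echo "mismatched key rejected"
  rm -rf "$d"
}
demo
```

The check compares public keys rather than RSA moduli, so the same functions work for non-RSA keys as well.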
