See below an example of how to perform all these steps with Keystore Explorer:

1. Create a new Keystore with Format PKCS #12.
2. Right-click, choose Generate Key Pair, and leave the defaults: Algorithm set to RSA, Key size 2048.
3. Leave the rest of the parameters at their defaults; increase the validity if you are signing with an Internal CA or public CA, otherwise it will be valid for 1 year.
4. Add as Subject the CN, being the hostname of your server.
5. Click Add Extensions, then Use Standard Template, and select SSL Server.
6. Then double-click Subject Alternative Names to edit it and add ALL the other AE Servers that you would require for your AE Server (1, 2, 4 depending on your configuration), adding the FQDN (fully qualified domain name) of all the servers and any DNS Alias that you may use to access it.
7. Then click OK and set the Alias to jetty to match what JCP expects by default, and assign a password (changeit is the default password JCP uses).
8. Now we are ready to generate a CSR (certificate signing request): right-click this alias and click Generate CSR.

Now, depending on the Internal or Public CA Certificate tool, follow the instructions necessary to sign this CSR and export the certificate in a supported format, including the whole trust chain and the immediate CA root certificate.

For testing purposes, openssl on a Linux server has been used. This can be done in three steps (jetty.csr is the request generated earlier with Keystore Explorer, jetty.crt will be the signed certificate and automicCA.crt will be the CA Root certificate):

    openssl genrsa -aes256 -out automicCA.key 2048
    openssl req -x509 -new -key automicCA.key -sha256 -days 700 -out automicCA.crt
    openssl x509 -req -CA automicCA.crt -CAkey automicCA.key -CAcreateserial -extensions v3_req -in jetty.csr -out jetty.crt -days 365
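A check worth running on the signed certificate, as an added example that is not part of the original post: `openssl x509 -req` does not copy extensions from the CSR and ignores `-extensions` unless `-extfile` is also given, so the Subject Alternative Names entered in Keystore Explorer can be missing from jetty.crt. The hostnames, the "Test Root CA" subject, test.cnf and both function names are constructed for illustration, and the test CA key is left unencrypted only so the script runs unattended.

```bash
#!/usr/bin/env bash
# Added example. Hostnames and the "Test Root CA" subject are constructed placeholders.

# Build a throwaway CA and a stand-in CSR, then sign it.
# $1 = work dir, $2 = "plain" (no -extfile) or "extfile", rest = DNS names.
make_test_chain() {
  local dir="$1" mode="$2" san="" n; shift 2
  for n in "$@"; do san="${san:+$san,}DNS:$n"; done
  (
    cd "$dir" || exit 1
    printf '%s\n' '[req]' 'distinguished_name=dn' 'prompt=no' '[dn]' "CN=$1" \
      '[v3_ca]' 'basicConstraints=critical,CA:TRUE' \
      '[v3_req]' "subjectAltName=$san" > test.cnf
    # Test CA key is unencrypted only so this runs unattended.
    openssl genrsa -out automicCA.key 2048 2>/dev/null
    openssl req -x509 -new -key automicCA.key -sha256 -days 700 -config test.cnf \
      -extensions v3_ca -subj "/CN=Test Root CA" -out automicCA.crt
    # Stand-in for the CSR generated in Keystore Explorer.
    openssl req -new -newkey rsa:2048 -nodes -keyout jetty.key -config test.cnf \
      -reqexts v3_req -out jetty.csr 2>/dev/null
    set -- -req -CA automicCA.crt -CAkey automicCA.key -CAcreateserial \
      -extensions v3_req -in jetty.csr -out jetty.crt -days 365
    # Without -extfile, x509 -req ignores -extensions and does not copy CSR SANs.
    [ "$mode" = extfile ] && set -- "$@" -extfile test.cnf
    openssl x509 "$@" 2>/dev/null
  )
}

# Verify the chain and that every expected FQDN is in the signed cert's SAN.
# $1 = CA cert, $2 = signed cert, rest = expected DNS names.
# Returns 0 on success, 1 if the chain fails, 2 if a SAN entry is missing.
check_signed_cert() {
  local ca="$1" crt="$2" text n; shift 2
  openssl verify -CAfile "$ca" "$crt" >/dev/null 2>&1 \
    || { echo "chain does not verify"; return 1; }
  text=$(openssl x509 -in "$crt" -noout -text)
  for n in "$@"; do
    printf '%s\n' "$text" | grep -o 'DNS:[^, ]*' | grep -Fxq "DNS:$n" \
      || { echo "missing SAN: $n"; return 2; }
  done
  echo "OK: chain verifies, all SANs present"
}

# Usage against real files:
#   check_signed_cert automicCA.crt jetty.crt <fqdn-1> <fqdn-2>
```

Run `check_signed_cert` before importing the CA reply into the keystore; a return code of 2 means the certificate has to be reissued with the SAN extension supplied at signing time.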