Creating the keystore
++++++++++++++++
$ which java
/usr/java8_64/bin/java
$ which keytooll
/usr/java8_64/bin/keytool
$ keytool -genkeypair -alias abw -keyalg RSA -keysize 2048 -validity 730 -keypass Wallet123 -keystore identity.jks -storepass Wallet123
What is your first and last name?
[Unknown]: abw.com.bh
What is the name of your organizational unit?
[Unknown]: IT Infrastructure
What is the name of your organization?
[Unknown]: AB WASIQ FINANCIAL SERVICES
What is the name of your City or Locality?
[Unknown]: Manama
What is the name of your State or Province?
[Unknown]: Capital
What is the two-letter country code for this unit?
[Unknown]: BH
Is CN=abw.com.bh, OU=IT Infrastructure, O=AB WASIQ FINANCIAL SERVICES, L=Manama, ST=Capital, C=BH correct? (type "yes" or "no")
[no]: YES
$
Creating the CSR
+++++++++++++++++++
$ keytool -certreq -alias abw -file certreq.csr -keystore identity.jks
Enter keystore password:
$
cat certreq.csr
-----BEGIN NEW CERTIFICATE REQUEST-----
GjAYBgNVBAsTEUlUIEluZnJhc3RydWN0dXJlMRowGAYDVQQDExFvbW1hcHMuYWZzLmNvbS5iaDCC
ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJdatmETaRKwpUqvfxH7F1Sh+lTjgI2A6DxW
sHTHtp4zuMhDwu/Gq0IhVRAqdJIU1AXpxq3kHBvJ2wyJaeKA0j6g+0biAtLKBlHhXVriu4YC9wYE
+UiUpjTufpZeVUV/mBrC+JyWn9RbfzRiLtJWKg+mD2u+DXeBFE1yhOldxipbRxNw1PHhwxhoA6tA
xZgwd4vHz+e+6LGMzc9UgxtyucSCnPT68uUBmOSuI4W68n5x8rqCud5eTZF2PxUWKFHNv5paQkUg
A+8V56StvlFiMUIC+QHHW+FiuW25c1TNZVx2iALilpSiaO7mO6dN42LkmwWgkjtNh/C/luCMal6t
m50CAwEAAaAwMC4GCSqGSIb3DQEJDjEhMB8wHQYDVR0OBBYEFNHsWaZYMb+aupQGzN6wQ4stwgZb
MA0GCSqGSIb3DQEBCwUAA4IBAQBjT8OHTbukbItjClMq3WAfPkBQ+oV0mg9y380EMJutqPzGc1Qz
hEQtgNPSlyh/GgYzXAewOf+gt5mL/f78DoBeWwowGqcEzRnuLY7Gmgb1AqVBJMSHs4XEnN4NChKa
OkyFnk4ZjKSaJO2jfh0+YHVVDPJFGMglb0SIZ1IYmm9PswlilV44fmq2QTOtfXcnPE2WJvd6f/N8
-----END NEW CERTIFICATE REQUEST-----$
To view the keystore
+++++++++++++++++++++
keytool -list -v -keystore identity.jks -storepass Wallet123
Now we need to import these certificates into identity.jks keystore once we get it from CA.
-Import the intermediate certificate first --> then the root certificate --> and then the signedcert/server certificate.
Import the intermediate certificate
+++++++++++++++++++++++++
cd /home/oracle/ABW
/usr/java8_64/bin/keytool -importcert -alias inter -file intermediate.cer -keystore identity.jks -storepass Wallet123
$ /usr/java8_64/bin/keytool -importcert -alias inter -file intermediate.cer -keystore identity.jks -storepass Wallet123
Owner: CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US
Issuer: CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Serial number: 1fda3eb6eca75c888438b724bcfbc91
Valid from: 3/8/13 3:00 PM until: 3/8/23 3:00 PM
Certificate fingerprints:
MD5: 34:5E:FF:15:B7:A4:9A:DD:45:1B:65:A7:F4:BD:C6:AE
SHA1: 1F:B8:6B:11:68:EC:74:31:54:06:2E:8C:9C:C5:B1:71:A4:B7:CC:B4
SHA256: 15:4C:43:3C:49:19:29:C5:EF:68:6E:83:8E:32:36:64:A0:0E:6A:0D:82:2C:CC:95:8F:B4:DA:B0:3E:49:A0:8F
Signature algorithm name: SHA256withRSA
Version: 3
Extensions:
#1: ObjectId: 2.5.29.31 Criticality=false
CRLDistributionPoints [
2 CRL Distribution Points:
Distribution Point: [
Distribution Point Name: [URIName: http://crl3.digicert.com/DigiCertGlobalRootCA.crl]
Reason Flags: null
Issuer: null
]
Distribution Point: [
Distribution Point Name: [URIName: http://crl4.digicert.com/DigiCertGlobalRootCA.crl]
Reason Flags: null
Issuer: null
]
]
#2: ObjectId: 1.3.6.1.5.5.7.1.1 Criticality=false
AuthorityInfoAccess [
[accessMethod: ocsp
accessLocation: URIName: http://ocsp.digicert.com
]]
#3: ObjectId: 2.5.29.32 Criticality=false
CertificatePolicies [
[
PolicyInformation: [
CertPolicyId: 2.5.29.32.0
PolicyQualifiers: [PolicyQualifierInfo: [
CPSuri: [
object identifier: 1.3.6.1.5.5.7.2.1
uri: https://www.digicert.com/CPS]
]
]]
]]
#4: ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
DigitalSignature
Key_CertSign
Crl_Sign
]
#5: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: 03 de 50 35 56 d1 4c bb 66 f0 a3 e2 1b 1b c3 97 ..P5V.L.f.......
0010: b2 3d d1 55 ...U
]
]
#6: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 0f 80 61 1c 82 31 61 d5 2f 28 e7 8d 46 38 b4 2c ..a..1a.....F8..
0010: e1 c6 d9 e2 ....
]
]
#7: ObjectId: 2.5.29.19 Criticality=true
BasicConstraints:[
CA:true
PathLen:0
]
Trust this certificate? [no]: yes
Certificate was added to keystore
$
Import the root certificate
++++++++++++++++++++
cd /home/oracle/ABW
/usr/java8_64/bin/keytool -importcert -alias root -file root.cer -keystore identity.jks -storepass Wallet123
/home/oracle/ABW
$ /usr/java8_64/bin/keytool -importcert -alias root -file root.cer -keystore identity.jks -storepass Wallet123
Owner: CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Issuer: CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Serial number: 83be056904246b1a1756ac95991c74a
Valid from: 11/10/06 3:00 AM until: 11/10/31 3:00 AM
Certificate fingerprints:
MD5: 79:E4:A9:84:0D:7D:3A:96:D7:C0:4F:E2:43:4C:89:2E
SHA1: A8:98:5D:3A:65:E5:E5:C4:B2:D7:D6:6D:40:C6:DD:2F:B1:9C:54:36
SHA256: 43:48:A0:E9:44:4C:78:CB:26:5E:05:8D:5E:89:44:B4:D8:4F:96:62:BD:26:DB:25:7F:89:34:A4:43:C7:01:61
Signature algorithm name: SHA1withRSA
Version: 3
Extensions:
#1: ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
DigitalSignature
Key_CertSign
Crl_Sign
]
#2: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: 03 de 50 35 56 d1 4c bb 66 f0 a3 e2 1b 1b c3 97 ..P5V.L.f.......
0010: b2 3d d1 55 ...U
]
]
#3: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 03 de 50 35 56 d1 4c bb 66 f0 a3 e2 1b 1b c3 97 ..P5V.L.f.......
0010: b2 3d d1 55 ...U
]
]
#4: ObjectId: 2.5.29.19 Criticality=true
BasicConstraints:[
CA:true
PathLen:2147483647
]
Trust this certificate? [no]: yes
Certificate was added to keystore
$
Import server certificate
++++++++++++++++++
cd /home/oracle/ABW
/usr/java8_64/bin/keytool -importcert -alias ABW_SER -file server.cer -keystore identity.jks -storepass Wallet123
$ /usr/java8_64/bin/keytool -importcert -alias ABW_SER -file server.cer -keystore identity.jks -storepass Wallet123
Certificate reply was installed in keystore
$
To confirm your keystore is created correctly, you can look at the keystore using the following command:
++++++++++++++++++++++++++++++++++++++++++++
keytool -list -v -keystore identity.jks -storepass Wallet123
++++++++++++++++
$ which java
/usr/java8_64/bin/java
$ which keytooll
/usr/java8_64/bin/keytool
$ keytool -genkeypair -alias abw -keyalg RSA -keysize 2048 -validity 730 -keypass Wallet123 -keystore identity.jks -storepass Wallet123
What is your first and last name?
[Unknown]: abw.com.bh
What is the name of your organizational unit?
[Unknown]: IT Infrastructure
What is the name of your organization?
[Unknown]: AB WASIQ FINANCIAL SERVICES
What is the name of your City or Locality?
[Unknown]: Manama
What is the name of your State or Province?
[Unknown]: Capital
What is the two-letter country code for this unit?
[Unknown]: BH
Is CN=abw.com.bh, OU=IT Infrastructure, O=AB WASIQ FINANCIAL SERVICES, L=Manama, ST=Capital, C=BH correct? (type "yes" or "no")
[no]: YES
$
Creating the CSR
+++++++++++++++++++
$ keytool -certreq -alias abw -file certreq.csr -keystore identity.jks
Enter keystore password:
$
cat certreq.csr
-----BEGIN NEW CERTIFICATE REQUEST-----
GjAYBgNVBAsTEUlUIEluZnJhc3RydWN0dXJlMRowGAYDVQQDExFvbW1hcHMuYWZzLmNvbS5iaDCC
ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJdatmETaRKwpUqvfxH7F1Sh+lTjgI2A6DxW
sHTHtp4zuMhDwu/Gq0IhVRAqdJIU1AXpxq3kHBvJ2wyJaeKA0j6g+0biAtLKBlHhXVriu4YC9wYE
+UiUpjTufpZeVUV/mBrC+JyWn9RbfzRiLtJWKg+mD2u+DXeBFE1yhOldxipbRxNw1PHhwxhoA6tA
xZgwd4vHz+e+6LGMzc9UgxtyucSCnPT68uUBmOSuI4W68n5x8rqCud5eTZF2PxUWKFHNv5paQkUg
A+8V56StvlFiMUIC+QHHW+FiuW25c1TNZVx2iALilpSiaO7mO6dN42LkmwWgkjtNh/C/luCMal6t
m50CAwEAAaAwMC4GCSqGSIb3DQEJDjEhMB8wHQYDVR0OBBYEFNHsWaZYMb+aupQGzN6wQ4stwgZb
MA0GCSqGSIb3DQEBCwUAA4IBAQBjT8OHTbukbItjClMq3WAfPkBQ+oV0mg9y380EMJutqPzGc1Qz
hEQtgNPSlyh/GgYzXAewOf+gt5mL/f78DoBeWwowGqcEzRnuLY7Gmgb1AqVBJMSHs4XEnN4NChKa
OkyFnk4ZjKSaJO2jfh0+YHVVDPJFGMglb0SIZ1IYmm9PswlilV44fmq2QTOtfXcnPE2WJvd6f/N8
-----END NEW CERTIFICATE REQUEST-----$
To view the keystore
+++++++++++++++++++++
keytool -list -v -keystore identity.jks -storepass Wallet123
Now we need to import these certificates into identity.jks keystore once we get it from CA.
-Import the intermediate certificate first --> then the root certificate --> and then the signedcert/server certificate.
Import the intermediate certificate
+++++++++++++++++++++++++
cd /home/oracle/ABW
/usr/java8_64/bin/keytool -importcert -alias inter -file intermediate.cer -keystore identity.jks -storepass Wallet123
$ /usr/java8_64/bin/keytool -importcert -alias inter -file intermediate.cer -keystore identity.jks -storepass Wallet123
Owner: CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US
Issuer: CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Serial number: 1fda3eb6eca75c888438b724bcfbc91
Valid from: 3/8/13 3:00 PM until: 3/8/23 3:00 PM
Certificate fingerprints:
MD5: 34:5E:FF:15:B7:A4:9A:DD:45:1B:65:A7:F4:BD:C6:AE
SHA1: 1F:B8:6B:11:68:EC:74:31:54:06:2E:8C:9C:C5:B1:71:A4:B7:CC:B4
SHA256: 15:4C:43:3C:49:19:29:C5:EF:68:6E:83:8E:32:36:64:A0:0E:6A:0D:82:2C:CC:95:8F:B4:DA:B0:3E:49:A0:8F
Signature algorithm name: SHA256withRSA
Version: 3
Extensions:
#1: ObjectId: 2.5.29.31 Criticality=false
CRLDistributionPoints [
2 CRL Distribution Points:
Distribution Point: [
Distribution Point Name: [URIName: http://crl3.digicert.com/DigiCertGlobalRootCA.crl]
Reason Flags: null
Issuer: null
]
Distribution Point: [
Distribution Point Name: [URIName: http://crl4.digicert.com/DigiCertGlobalRootCA.crl]
Reason Flags: null
Issuer: null
]
]
#2: ObjectId: 1.3.6.1.5.5.7.1.1 Criticality=false
AuthorityInfoAccess [
[accessMethod: ocsp
accessLocation: URIName: http://ocsp.digicert.com
]]
#3: ObjectId: 2.5.29.32 Criticality=false
CertificatePolicies [
[
PolicyInformation: [
CertPolicyId: 2.5.29.32.0
PolicyQualifiers: [PolicyQualifierInfo: [
CPSuri: [
object identifier: 1.3.6.1.5.5.7.2.1
uri: https://www.digicert.com/CPS]
]
]]
]]
#4: ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
DigitalSignature
Key_CertSign
Crl_Sign
]
#5: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: 03 de 50 35 56 d1 4c bb 66 f0 a3 e2 1b 1b c3 97 ..P5V.L.f.......
0010: b2 3d d1 55 ...U
]
]
#6: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 0f 80 61 1c 82 31 61 d5 2f 28 e7 8d 46 38 b4 2c ..a..1a.....F8..
0010: e1 c6 d9 e2 ....
]
]
#7: ObjectId: 2.5.29.19 Criticality=true
BasicConstraints:[
CA:true
PathLen:0
]
Trust this certificate? [no]: yes
Certificate was added to keystore
$
Import the root certificate
++++++++++++++++++++
cd /home/oracle/ABW
/usr/java8_64/bin/keytool -importcert -alias root -file root.cer -keystore identity.jks -storepass Wallet123
/home/oracle/ABW
$ /usr/java8_64/bin/keytool -importcert -alias root -file root.cer -keystore identity.jks -storepass Wallet123
Owner: CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Issuer: CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Serial number: 83be056904246b1a1756ac95991c74a
Valid from: 11/10/06 3:00 AM until: 11/10/31 3:00 AM
Certificate fingerprints:
MD5: 79:E4:A9:84:0D:7D:3A:96:D7:C0:4F:E2:43:4C:89:2E
SHA1: A8:98:5D:3A:65:E5:E5:C4:B2:D7:D6:6D:40:C6:DD:2F:B1:9C:54:36
SHA256: 43:48:A0:E9:44:4C:78:CB:26:5E:05:8D:5E:89:44:B4:D8:4F:96:62:BD:26:DB:25:7F:89:34:A4:43:C7:01:61
Signature algorithm name: SHA1withRSA
Version: 3
Extensions:
#1: ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
DigitalSignature
Key_CertSign
Crl_Sign
]
#2: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: 03 de 50 35 56 d1 4c bb 66 f0 a3 e2 1b 1b c3 97 ..P5V.L.f.......
0010: b2 3d d1 55 ...U
]
]
#3: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 03 de 50 35 56 d1 4c bb 66 f0 a3 e2 1b 1b c3 97 ..P5V.L.f.......
0010: b2 3d d1 55 ...U
]
]
#4: ObjectId: 2.5.29.19 Criticality=true
BasicConstraints:[
CA:true
PathLen:2147483647
]
Trust this certificate? [no]: yes
Certificate was added to keystore
$
Import server certificate
++++++++++++++++++
cd /home/oracle/ABW
/usr/java8_64/bin/keytool -importcert -alias ABW_SER -file server.cer -keystore identity.jks -storepass Wallet123
$ /usr/java8_64/bin/keytool -importcert -alias ABW_SER -file server.cer -keystore identity.jks -storepass Wallet123
Certificate reply was installed in keystore
$
To confirm your keystore is created correctly, you can look at the keystore using the following command:
++++++++++++++++++++++++++++++++++++++++++++
keytool -list -v -keystore identity.jks -storepass Wallet123
Choosing an SSL certification process for your site depends on the type of website you have, as well as the level of security that you require.
ReplyDeleteIf you want to know that how much does an SSL certificate cost then click here to more information:
HOW MUCH DOES AN SSL CERTIFICATE COST