Sunday 14 April 2019

Procedure to convert the keystore from JKS to PKCS12

After the CA certificate has been imported into the WebLogic keystore, the "System Administrator" needs the server certificate from the keystore in PKCS12/PFX format, which they will import into the company portal.

Below is the complete procedure.


1. First, convert the keystore from JKS ==> PKCS12
+++++++++++++++++++++++++++++++++++++++++++++++++
keytool -importkeystore -srckeystore identity.jks -destkeystore abwp_jks_2-pkc12.p12 -deststoretype pkcs12


2. Next, export a PEM file with key and certs from the PKCS12 file (PKCS12==> PEM)
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
openssl pkcs12 -in abwp_jks_2-pkc12.p12 -out abwp_pkcs_2_pem.pem -nodes



3. Take a backup of the file
+++++++++++++++++++++++++
cp -pr abwp_pkcs_2_pem.pem abwp_pkcs_2_pem.pem_backup

Now use a text editor to edit the PEM file (abwp_pkcs_2_pem.pem): remove the offending certificate (and its preceding "Bag Attributes") and keep the server certificate.
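
One way to script the edit in step 3 instead of doing it by hand. This is an added example, not part of the original post: it assumes the server key and certificate carry the keystore alias as friendlyName in their "Bag Attributes", and the function names and the sample PEM contents are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post).
umask 077   # the PEM written by `openssl pkcs12 -nodes` holds an unencrypted private key

# filter_pem_by_alias ALIAS PEMFILE: print only the bags whose friendlyName is ALIAS
filter_pem_by_alias() {
    awk -v want="$1" '
        /^Bag Attributes/ { block = ""; keep = 0 }      # a new bag starts here
        { block = block $0 "\n" }                       # buffer the current bag
        $1 == "friendlyName:" {
            name = $0; sub(/^[ \t]*friendlyName:[ \t]*/, "", name)
            if (name == want) keep = 1
        }
        /^-----END / { if (keep) printf "%s", block; block = ""; keep = 0 }
    ' "$2"
}

# Constructed sample in the layout `openssl pkcs12 -nodes` prints. The base64
# bodies are placeholders, not real key material; all names are assumptions.
write_sample_pem() {
    cat > "$1" <<'EOF'
Bag Attributes
    friendlyName: abwp
Key Attributes: <No Attributes>
-----BEGIN PRIVATE KEY-----
Q09OU1RSVUNURUQtS0VZ
-----END PRIVATE KEY-----
Bag Attributes
    friendlyName: abwp
subject=/CN=abwp.example.test
issuer=/CN=Example Test CA
-----BEGIN CERTIFICATE-----
Q09OU1RSVUNURUQtU0VSVkVS
-----END CERTIFICATE-----
Bag Attributes
    friendlyName: rootca
subject=/CN=Example Test CA
issuer=/CN=Example Test CA
-----BEGIN CERTIFICATE-----
Q09OU1RSVUNURUQtQ0E=
-----END CERTIFICATE-----
EOF
}

tmp=$(mktemp -d)
write_sample_pem "$tmp/all.pem"
filter_pem_by_alias abwp "$tmp/all.pem" > "$tmp/server_only.pem"
grep -c '^-----BEGIN ' "$tmp/server_only.pem"   # key + server certificate remain
rm -rf "$tmp"
```

Check the filtered file before step 4: it should contain exactly one private key and one certificate, and it should be deleted along with the backup once the final keystore has been built.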


4. Next, load the edited PEM file into a new PKCS12 file (PEM==>PKCS12).
You'll need to give the cert/key the appropriate keystore alias, e.g. "abwp", at this point.
+++++++++++++++++++++++++++++++++++++++++++++++++++++

openssl pkcs12 -export -in abwp_pkcs_2_pem.pem -name abwp -out abwp_PEM_2_P12.p12




5. Finally, convert back from PKCS12 to JKS (PKCS12==>JKS)
+++++++++++++++++++++++++++++++++++++++++++++++++
keytool -importkeystore -srckeystore abwp_PEM_2_P12.p12 -destkeystore new_abwp_pkcs_2_jks.jks -srcstoretype pkcs12




6. Convert the new JKS to PFX format (new JKS ==> PFX) and share it with the Administrator
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
keytool -importkeystore -srckeystore new_abwp_pkcs_2_jks.jks -destkeystore final_abwp_jks_2_pfx.p12.pfx -srcstoretype JKS -deststoretype PKCS12 -deststorepass Wallet123 -srcalias abwp
