-
Check the certificate format using the following command:
openssl x509 -in <infile.cert> -text -inform <format> (where
format is DER or PEM depending on your needs)
-
Private keys are usually stored in encrypted PEM files. Convert them to a nonencrypted file.
You can use openssl on the command line:
openssl pkcs8 -topk8 -in <key> -out <hostname>-<instance>.key -nocrypt
-
Verify that the certificate and the private key (
.key file) are stored
using UNIX LF end of line characters:
- On Windows, you can use the following tool:
http://www.thefreecountry.com/tofrodos/index.shtml .
- On UNIX, you can use
dos2unix .
-
Overwrite the key and certificate files generated at installation time in
DATADIR/security . If you are using an alias, the Private key name must use the alias and not the default
<hostname>-<instance> . Performed this step on each product
instance. These files are located at:
- The public certificate:
DATADIR/security/<hostname>-<instance>.cert
- The Private key:
DATADIR/security/<hostname>-<instance>.key
-
Add the server certificate to the truststore of every product instance:
keytool -import -file <.cert file (DER)> -alias <jetty>
-keystore DATADIR/security/trusted.servers.ks -storepass <exalead>
|