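1) Generate the key pair (the certificate request itself is created in step 2)
If -storepass is omitted from the keytool commands below, keytool prompts for the password, which keeps it out of shell history and the process list.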
keytool -genkeypair -v -alias '<hostname>' -keyalg 'RSA' -keysize 2048 -validity 1825 -keystore '/u01/wforce/TST/17.0/workforce.keystore' -storepass <password>
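CN = <hostname> -> use the server name as CN (important). Clients that validate the subjectAltName need the host name there as well; if your CA does not add it, keytool's -ext SAN=dns:<hostname> option puts it in the request.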
OU = OrgUnit
O = Org
L = Altamonte
S = Florida
C = US
2) Generate NEW CSR Request
keytool -certreq -alias '<hostname>' -keystore '/u01/wforce/TST/17.0/workforce.keystore' -storepass <password>
-----BEGIN NEW CERTIFICATE REQUEST-----
4Q3Jxb63U9VMpqjGwU54o1cX6sJOpWgpxT5cpgP9tkf8ovV0jmvE3XhGztG1qDlYyov2J8/fMySJ
EUkC8nIKJHV9O/yM0jHZnhpjn1b+dwq8lE92sGz1DDNBDFJp73tnV3OgqOIn12wTro70wpHrao/h
t5LrmRfngtvt+6Bpsa/V7KOpCTXyYKe/OLcYB5r4OsliPUoNijXoIO+018U/3GwW7KP+NYc=
-----END NEW CERTIFICATE REQUEST-----
Once you have this CSR, save it to Notepad and submit it for signing (create a Service Request). The CSR carries only the public key; the private key stays in the keystore.
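3) Import the intermediate certificates that your organization requires. Both commands below name the same .cer file; confirm whether the 'ahsca' alias should point at a different certificate file.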
keytool -importcert -alias 'ahsca' -keystore '/u01/wforce/TST/17.0/workforce.keystore' -storepass <password> -file '/u01/wforce/TST/17.0/newAffirmTrust_OV1.cer'
keytool -importcert -alias 'AffirmTrustOV1' -keystore '/u01/wforce/TST/17.0/workforce.keystore' -storepass <password> -file '/u01/wforce/TST/17.0/newAffirmTrust_OV1.cer'
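4) Once you have the signed certificate for the request from Step 2, use the following command to import it into the keystore. Use the same alias as in step 1 so that the certificate is attached to the existing private key.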
keytool -importcert -alias '<hostname>' -keystore '/u01/wforce/TST/17.0/workforce.keystore' -storepass <password> -file '/u01/wforce/TST/17.0/<hostname>.p7b'
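5) Once the certificate is imported, use the following command to export the keystore entry to PKCS12 format, which Workforce requires. The -srcalias value must be the alias created in step 1. The resulting .p12 file contains the private key, so restrict its file permissions.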
keytool -importkeystore -srckeystore '/u01/wforce/TST/17.0/workforce.keystore' -destkeystore '/u01/wforce/TST/17.0/<hostname>.p12' -srcstoretype JKS -deststoretype PKCS12 -srcalias 'lkmvwtabsdev21' -srcstorepass <password> -srckeypass <password> -deststorepass <password>
6) Use the ant command to import the certificate back in the keystore
./ant importTomcatCertificate -Dcertificate.file=/u01/wforce/TST/17.0/<hostname>.p12 -Dcertificate.pass=<password> -Dkeystore.alias=<hostname>
7) Important step: check that keyAlias in server.xml matches the certificate alias.
cat /u01/wforce/TST/17.0/catalina_base/conf/server.xml |grep keyAlias -A2 -B2
keystoreFile="/u01/wforce/TST/17.0/workforce.keystore"
keystorePass="<password>" algorithm="SunX509"
keyAlias="<hostname>" <---- Change to <hostname> as shown
compression="on"
compressionMinSize="2048"
8) Restart the Empcenter services
/u01/wforce/TST/17.0/wfsctl restart
keytool -genkeypair -v -alias '<hostname>' -keyalg 'RSA' -keysize 2048 -validity 1825 -keystore '/u01/wforce/TST/17.0/workforce.keystore' -storepass <password>
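CN = <hostname> -> use the server name as CN (important). Clients that validate the subjectAltName need the host name there as well; if your CA does not add it, keytool's -ext SAN=dns:<hostname> option puts it in the request.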
OU = OrgUnit
O = Org
L = Altamonte
S = Florida
C = US
2) Generate NEW CSR Request
keytool -certreq -alias '<hostname>' -keystore '/u01/wforce/TST/17.0/workforce.keystore' -storepass <password>
-----BEGIN NEW CERTIFICATE REQUEST-----
4Q3Jxb63U9VMpqjGwU54o1cX6sJOpWgpxT5cpgP9tkf8ovV0jmvE3XhGztG1qDlYyov2J8/fMySJ
EUkC8nIKJHV9O/yM0jHZnhpjn1b+dwq8lE92sGz1DDNBDFJp73tnV3OgqOIn12wTro70wpHrao/h
t5LrmRfngtvt+6Bpsa/V7KOpCTXyYKe/OLcYB5r4OsliPUoNijXoIO+018U/3GwW7KP+NYc=
-----END NEW CERTIFICATE REQUEST-----
Once you have this CSR, save it to Notepad and submit it for signing (create a Service Request). The CSR carries only the public key; the private key stays in the keystore.
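3) Import the intermediate certificates that your organization requires. Both commands below name the same .cer file; confirm whether the 'ahsca' alias should point at a different certificate file.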
keytool -importcert -alias 'ahsca' -keystore '/u01/wforce/TST/17.0/workforce.keystore' -storepass <password> -file '/u01/wforce/TST/17.0/newAffirmTrust_OV1.cer'
keytool -importcert -alias 'AffirmTrustOV1' -keystore '/u01/wforce/TST/17.0/workforce.keystore' -storepass <password> -file '/u01/wforce/TST/17.0/newAffirmTrust_OV1.cer'
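4) Once you have the signed certificate for the request from Step 2, use the following command to import it into the keystore. Use the same alias as in step 1 so that the certificate is attached to the existing private key.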
keytool -importcert -alias '<hostname>' -keystore '/u01/wforce/TST/17.0/workforce.keystore' -storepass <password> -file '/u01/wforce/TST/17.0/<hostname>.p7b'
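5) Once the certificate is imported, use the following command to export the keystore entry to PKCS12 format, which Workforce requires. The -srcalias value must be the alias created in step 1. The resulting .p12 file contains the private key, so restrict its file permissions.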
keytool -importkeystore -srckeystore '/u01/wforce/TST/17.0/workforce.keystore' -destkeystore '/u01/wforce/TST/17.0/<hostname>.p12' -srcstoretype JKS -deststoretype PKCS12 -srcalias 'lkmvwtabsdev21' -srcstorepass <password> -srckeypass <password> -deststorepass <password>
6) Use the ant command to import the certificate back in the keystore
./ant importTomcatCertificate -Dcertificate.file=/u01/wforce/TST/17.0/<hostname>.p12 -Dcertificate.pass=<password> -Dkeystore.alias=<hostname>
7) Important step: check that keyAlias in server.xml matches the certificate alias.
cat /u01/wforce/TST/17.0/catalina_base/conf/server.xml |grep keyAlias -A2 -B2
keystoreFile="/u01/wforce/TST/17.0/workforce.keystore"
keystorePass="<password>" algorithm="SunX509"
keyAlias="<hostname>" <---- Change to <hostname> as shown
compression="on"
compressionMinSize="2048"
8) Restart the Empcenter services
/u01/wforce/TST/17.0/wfsctl restart