![]() Importing the key pair using Keystore ExplorerĬhoose the type of Key Pair Type. Enter an export passwordĬlick the little set of keys to the right in the tools menu. The utility will ask to create an export password. Certficate files and private key before combining openssl pkcs12 -export -out -inkey -in -certfile Running OpenSSL to combine the files needed to import into the keystore First, you can download the OpenSSL Windows installation here: Download the OpenSSL Windows installerĪfter installation, use OpenSSL to combine the server certificate, CA certificate, and private key into a single file. The command to do what we need is very simple as well. This is a command line operation, however, it is the only command line tinkering that we need to do. To do that, we can use the OpenSSL command line utility to easily combine the files. With Jira and other Tomcat applications that read the keystore, we need to present the server certificate, CA certificate, and private key combined in the keystore. Keystore Explorer SSL certificate options Use OpenSSL to Combine Certificates and Private Keyīefore using Keystore Explorer, we need to do a bit of work on the certificate bundle received from the CA. This is a visual way to see the SSL certificate is indeed expired.Ĭhecking the keystore along with expiry status of the SSL certificateĪs you can see below, there are a wealth of options that are found inside the utility including Certificate Chain Details, Private Key Details, etc. Notice, the tomcatapp alias is showing a “red dot”. Opening a keystore file in Keystore Explorer Again, the keystore file contains the SSL certificate that needs replacing if expired/expiring. Then using Keystore Explorer, you can open this keystore file to view/edit, etc. I connected to my server via WinSCP and downloaded it to a temporary working directory on my Windows workstation. ![]() Simply download the “keystore” file (generally named just that and may be hidden in the user’s home directory). Beginning the Keystore Explorer installation Associate common Java and keystore file types with Keystore Explorer Select a destination directory Choosing shortcut creation options Keystore Explorer installation finishes Download the Keystore File and Open with Keystore ExplorerĮven if we are using a Linux platform as the Apache Tomcat server, we can still make use of the Windows based Keystore Explorer. exe file), the installer is a basic “next, next, finish” operation. Download the utility here: Īfter downloading (a small. Let’s look at installing this little gem and using it for replacing an SSL certificate in the keystore for use with Apache Tomcat. I found the above statement to be extremely accurate. KeyStore Explorer presents their functionality, and more, via an intuitive graphical user interface. KeyStore Explorer is an open source GUI replacement for the Java command-line utilities keytool and jarsigner. Let me introduce you to a GUI tool that makes interacting with the keystore file MUCH easier! It is called Keystore Explorer. However, the keytool command can be difficult to decipher correct syntax, and I have found many discrepancies between documentation, depending on the source of the documentation as to the correct syntax of keytool. The keytool command is the command line way to interact with the keystore file. Official documentation with many applications such as Atlassian Jira, have you use a combination of openssl commands and the keytool command. This file is usually found in the “Home” directory of the user that is running the Tomcat application. If you aren’t familiar, most if not all Apache Tomcat applications make use of a “ keystore” file that houses the private key and certificate chain that is read when the Apache Tomcat Java applet starts. Instead of painstakingly maneuvering around the myriad of commands to get a new SSL certificate in place, there is an easy way to do this with a handy GUI utility. Easy Way to Replace or Install Apache Tomcat SSL Certificate I want to show you an easy way to replace or install apache tomcat SSL certificate for Jira or any other Apache Tomcat based application. ![]() If you have ever done this before, you know that it can be a royal PITA as there are specific commands and specific certificate types that you have to have in order to make sure the command line options do not bomb out on you when you are updating the certificate. In working with a client recently, I was tasked with replacing an SSL certificate in Apache Tomcat, specifically for a JIRA install.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |