License Statistics accepts PKCS12 and JKS keystores. In this article we will present describe how to put your certificates into PKCS12 keystore.
If you already have PKCS12 or JKS keystore with a loaded certificate and its key, then you don't need to do anything more.
To generate a keystore you will need one of the toolkits for SSL/TLS protocol. You can use any of them, ; in our examples, we will use are using openssl [1].
Depending on the format of your certificate, you will need to take different steps will be needed. Format . Your certificate format can be identified by its file extension. Below we present , the most common onesof which are described below.
In every case, you will need two files: one containing certificate, and one containing certificate private key.
CER, PEM (.cer, .pem)
Code Block language text openssl pkcs12 -export -out {path_to_created_keystore_file} -in {certificate_file_path} -inkey {key_file_path} -name {certificate_alias} -noiter -nomaciter
Code Block language powershell title Windows example openssl pkcs12 -export -out C:\MyDirectory\keystore.p12 -in C:\MyDirectory\certificate.cer -inkey C:\MyDirectory\certificate.key -name xflicstat -noiter -nomaciter
Code Block language bash title Linux example openssl pkcs12 -export -out /home/mydirectory/keystore.p12 -in /home/mydirectory/certificate.cer -inkey /home/mydirectory/certificate.key -name xflicstat -noiter -nomaciter
DER (.der)
Code Block language text 1. Create intermediate .pem file from .der file: openssl x509 -inform der -in {certificate_file_path} -out {created_pem_file} 2. Create keystore from intermediate .pem file - described in first "CER, PEM (.cer, .pem)" bullet point.
Code Block language powershell title Windows example openssl x509 -inform der -in C:\MyDirectory\certificate.der -out C:\MyDirectory\intermediate.pem
Code Block language bash title Linux example openssl x509 -inform der -in /home/mydirectory/certificate.der -out /home/mydirectory/intermediate.pem
P7B (.p7b)
Code Block language text 1. Create intermediate .cer file from .p7b file openssl pkcs7 -print_certs -in {certificate_file_path} -out {intermediate_cer_file} 2. Create keystore from intermediate .cer file - described in first "CER, PEM (.cer, .pem)" bullet point.
Code Block language powershell title Windows example openssl pkcs7 -print_certs -in C:\MyDirectory\certificate.p7b -out C:\MyDirectory\intermediate.cer
Code Block language bash title Linux example openssl pkcs7 -print_certs -in /home/mydirectory/certificate.p7b -out /home/mydirectory/intermediate.cer
Remarks:
- In every case, you will be prompted for a password. This password should be put under SSL_KEYSTORE_PASSWORD in the xflicstat.cfg file.
- The {path_to_created_keystore_file} value should be the path that you put under SSL_KEYSTORE key in the xflicstat.cfg file.
- The {certificate_alias} value should be the name that you put under SSL_KEYSTORE_KEY_ALIAS key in the xflicstat.cfg file.
- If you are migrating from 5.x settings then , the {certificate_file_path} value is the path to the previously used certificate, defined as SSL_CERTIFICATE_FILE in your old xflicstat.cfg file.
- If you are migrating from 5.x settings then , the {key_file_path} value is the path to the previously used certificate key, defined as SSL_CERTIFICATE_KEY_FILE in your old xflicstat.cfg file.
On windows you can sometimes get Windows, you may get an "openssl unable to write 'random state'" error. It happens because openssl could not access This error occurs when openssl cannot access the "C:\.rnd" file. You can either gain acces to it, the file or change the value of RANDFILE - it is (the environmental variable that stores the path to the .rnd file). RANDFILE should contain the path to the file that you have access to. If you are using powershell it Powershell, the setting can be changed withby entering the following:
Code Block language powershell $env:RANDFILE="C:\directory_i_own\.rnd"
...
Annotations:
[1] On many linux Linux distributions it , openssl is available by default. On windows Windows, you will probably need to install itopenssl. Installer The installer can be compiled from sources source (git://git.openssl.org/openssl.git) or downloaded from one of the providers (https://wiki.openssl.org/index.php/Binaries).