License Statistics accepts PKCS12 and JKS keystores. In this article we will present how to put your certificates into PKCS12 keystore.
If you already have PKCS12 or JKS keystore with loaded certificate and its key, then you don't need to do anything more.
To generate keystore you will need one of the toolkits for SSL/TLS protocol. You can use any of them, in our examples we will use openssl [1].
Depending on the format of your certificate, different steps will be needed. Format can be identified by file extension. Below we present most common ones.
In every case you will need two files: one containing certificate, and one containing certificate private key.
CER, PEM (.cer, .pem)
openssl pkcs12 -export -out {path_to_created_keystore_file} -in {certificate_file_path} -inkey {key_file_path} -name {certificate_alias} -noiter -nomaciter
Windows exampleopenssl pkcs12 -export -out C:\MyDirectory\keystore.p12 -in C:\MyDirectory\certificate.cer -inkey C:\MyDirectory\certificate.key -name xflicstat -noiter -nomaciter
Linux exampleopenssl pkcs12 -export -out /home/mydirectory/keystore.p12 -in /home/mydirectory/certificate.cer -inkey /home/mydirectory/certificate.key -name xflicstat -noiter -nomaciter
DER (.der)
1. Create intermediate .pem file from .der file: openssl x509 -inform der -in {certificate_file_path} -out {created_pem_file} 2. Create keystore from intermediate .pem file - described in first "CER, PEM (.cer, .pem)" bullet point.
Windows exampleopenssl x509 -inform der -in C:\MyDirectory\certificate.der -out C:\MyDirectory\intermediate.pem
Linux exampleopenssl x509 -inform der -in /home/mydirectory/certificate.der -out /home/mydirectory/intermediate.pem
P7B (.p7b)
1. Create intermediate .cer file from .p7b file openssl pkcs7 -print_certs -in {certificate_file_path} -out {intermediate_cer_file} 2. Create keystore from intermediate .cer file - described in first "CER, PEM (.cer, .pem)" bullet point.
Windows exampleopenssl pkcs7 -print_certs -in C:\MyDirectory\certificate.p7b -out C:\MyDirectory\intermediate.cer
Linux exampleopenssl pkcs7 -print_certs -in /home/mydirectory/certificate.p7b -out /home/mydirectory/intermediate.cer
Remarks:
- In every case you will be prompted for password. This password should be put under SSL_KEYSTORE_PASSWORD in xflicstat.cfg
- {path_to_created_keystore_file} should be the path that you put under SSL_KEYSTORE key in xflicstat.cfg
- {certificate_alias} should be the name that you put under SSL_KEYSTORE_KEY_ALIAS key in xflicstat.cfg
- If you are migrating from 5.x settings then {certificate_file_path} is path to previously used certificate, defined as SSL_CERTIFICATE_FILE in old xflicstat.cfg
- If you are migrating from 5.x settings then {key_file_path} is path to previously used certificate key, defined as SSL_CERTIFICATE_KEY_FILE in old xflicstat.cfg
On windows you can sometimes get "openssl unable to write 'random state'" error. It happens because openssl could not access C:\.rnd file. You can either gain acces to it, or change value of RANDFILE - it is environmental variable that stores path to .rnd file. RANDFILE should contain path to file that you have access to. If you are using powershell it can be changed with:
$env:RANDFILE="C:\directory_i_own\.rnd"
Adnotations:
[1] On many linux distributions it is available by default. On windows you will probably need to install it. Installer can be compiled from sources (git://git.openssl.org/openssl.git) or downloaded from one of the providers (https://wiki.openssl.org/index.php/Binaries)