License Statistics accepts PKCS12 and JKS keystores. In this article we will present how to put your certificates into PKCS12 keystore.
If you already have PKCS12 or JKS keystore with loaded certificate and its key, then you don't need to do anything more.
To generate keystore you will need one of the toolkits for SSL/TLS protocols. You can use any of them, in our examples we will use openssl [1].
Depending on the format of your certificate, different steps will be needed. Format can be identified by file extension. Below we present most common ones.
In every case you will need two files: one containing certificate, and one containing certificate private key.
- CER, PEM (.cer, .pem)
openssl pkcs12 -export -out {path_to_created_keystore_file} -in {certificate_file_path} -inkey {key_file_path} -name {certificate_alias} -noiter -nomaciter
windows example:
unix example:
- DER (.der)
1. First we need to create new .pem file from .der file
openssl x509 -inform der -in {certificate_file_path} -out {created_pem_file}
2. Next we create keystore from created .pem file
openssl pkcs12 -export -out {path_to_created_keystore_file} -in {created_pem_file} -inkey {key_file_path} -name {certificate_alias} -noiter -nomaciter
- P7B (.p7b)
1. First we need to create new .cer file from .p7b file
openssl pkcs7 -print_certs -in {certificate_file_path} -out {created_cer_file}
2. Next we create keystore from created .cer file
openssl pkcs12 -export -out {path_to_created_keystore_file} -in {created_cer_file} -inkey {key_file_path} -name {certificate_alias} -noiter -nomaciter
License Statistics configuration remarks:
1. In every case you will be prompted for password. This password should be put under SSL_KEYSTORE_PASSWORD in xflicstat.cfg
2. {path_to_created_keystore_file} should be the path that you put under SSL_KEYSTORE key in xflicstat.cfg
3. {certificate_alias} should be the name that you put under SSL_KEYSTORE_KEY_ALIAS key in xflicstat.cfg
4. If you are migrating from 5.x settings then {certificate_file_path} is path to previously used certificate, defined as SSL_CERTIFICATE_FILE in old xflicstat.cfg
5. If you are migrating from 5.x settings then {key_file_path} is path to previously used certificate key, defined as SSL_CERTIFICATE_KEY_FILE in old xflicstat.cfg
[1] On many linux distributions it is available by default. On windows you will probably need to install it. Installer can be compiled from sources (git://git.openssl.org/openssl.git) or downloaded from one of the providers (https://wiki.openssl.org/index.php/Binaries)
openssl unable to write 'random state' windows