• Created by Unknown User (tpacuszka), last modified on Jun 12, 2019

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 4 Next »

License Statistics accepts PKCS12 and JKS keystores. In this article we will present how to put your certificates into PKCS12 keystore.
If you already have PKCS12 or JKS keystore with loaded certificate and its key, then you don't need to do anything more.


To generate keystore you will need one of the toolkits for SSL/TLS protocol. You can use any of them, in our examples we will use openssl [1].
Depending on the format of your certificate, different steps will be needed. Format can be identified by file extension. Below we present most common ones.
In every case you will need two files: one containing certificate, and one containing certificate private key.

  • CER, PEM (.cer, .pem)

    openssl pkcs12 -export -out {path_to_created_keystore_file} -in {certificate_file_path} -inkey {key_file_path} -name {certificate_alias} -noiter -nomaciter
    Windows example
    openssl pkcs12 -export -out C:\MyDirectory\keystore.p12 -in C:\MyDirectory\certificate.cer -inkey C:\MyDirectory\certificate.key -name xflicstat -noiter -nomaciter
    Linux example
    openssl pkcs12 -export -out /home/mydirectory/keystore.p12 -in /home/mydirectory/certificate.cer -inkey /home/mydirectory/certificate.key -name xflicstat -noiter -nomaciter

  • DER (.der)

    1. Create intermediate .pem file from .der file:
openssl x509 -inform der -in {certificate_file_path} -out {created_pem_file}
2. Create keystore from intermediate .pem file - described in first "CER, PEM (.cer, .pem)" bullet point.
    Windows example
    openssl x509 -inform der -in C:\MyDirectory\certificate.der -out C:\MyDirectory\intermediate.pem
    Linux example
    openssl x509 -inform der -in /home/mydirectory/certificate.der -out /home/mydirectory/intermediate.pem

  • P7B (.p7b)

    1. Create intermediate .cer file from .p7b file 
openssl pkcs7 -print_certs -in {certificate_file_path} -out {intermediate_cer_file} 
2. Create keystore from intermediate .cer file - described in first "CER, PEM (.cer, .pem)" bullet point.
    Windows example
    openssl pkcs7 -print_certs -in C:\MyDirectory\certificate.p7b -out C:\MyDirectory\intermediate.cer
    Linux example
    openssl pkcs7 -print_certs -in /home/mydirectory/certificate.p7b -out /home/mydirectory/intermediate.cer

Remarks:

  • In every case you will be prompted for password. This password should be put under SSL_KEYSTORE_PASSWORD in xflicstat.cfg
  • {path_to_created_keystore_file} should be the path that you put under SSL_KEYSTORE key in xflicstat.cfg
  • {certificate_alias} should be the name that you put under SSL_KEYSTORE_KEY_ALIAS key in xflicstat.cfg
  • If you are migrating from 5.x settings then {certificate_file_path} is path to previously used certificate, defined as SSL_CERTIFICATE_FILE in old xflicstat.cfg
  • If you are migrating from 5.x settings then {key_file_path} is path to previously used certificate key, defined as SSL_CERTIFICATE_KEY_FILE in old xflicstat.cfg

  • On windows you can sometimes get "openssl unable to write 'random state'" error. It happens because openssl could not access C:\.rnd file. You can either gain acces to it, or change value of RANDFILE - it is environmental variable that stores path to .rnd file. RANDFILE should contain path to file that you have access to. If you are using powershell it can be changed with:

    $env:RANDFILE="C:\directory_i_own\.rnd"

Adnotations:

[1] On many linux distributions it is available by default. On windows you will probably need to install it. Installer can be compiled from sources (git://git.openssl.org/openssl.git) or downloaded from one of the providers (https://wiki.openssl.org/index.php/Binaries)



  • No labels