See below an example of the steps to perform all these steps with Keystore Explorer:

Create a new Keystore with Format PKCS #12.
Right-click – Generate Key Pair – leave Algorithm set to RSA by default – Key size 2048.
Leave the rest of the parameters at their defaults; increase the validity if you are signing with an Internal CA or public CA, else it will be valid for 1 year.
Add as Subject the CN being the hostname of your server as below:
Click Add Extensions, then Use Standard Template, and select SSL Server as below:
Then double-click Subject Alternative Names to edit it and add ALL the other AE Servers that you would require for your AE Server (1,2,4 depending on your configuration) and add the FQDN (fully qualified domain name) of all the servers and DNS Alias that you may use to access it as below.
Then click OK and set as Alias jetty to match what JCP is expecting by default, and assign a password (changeit is the default password JCP is using).
Now we are ready to generate a CSR (certificate signing request): right-click this alias and click Generate CSR.
Now, depending on the Internal or Public CA Certificate tool, please follow the instructions necessary to sign this CSR and export the certificate in a supported format including the whole trust chain and immediate CA root certificate necessary.

For testing purposes, openssl in a Linux server has been used. This can be done in three steps (jetty.csr will be the request generated before with Keystore Explorer, jetty.crt will be the signed certificate and automicCA.crt will be the CA Root certificate):

    openssl genrsa -aes256 -out automicCA.key 2048
    openssl req -x509 -new -key automicCA.key -sha256 -days 700 -out automicCA.crt
    openssl x509 -req -CA automicCA.crt -CAkey automicCA.key -CAcreateserial -extensions v3_req -in jetty.csr -out jetty.crt -days 365

Import the jetty.crt (or the certificate reply from your CA tool) by right-clicking your key pair – Import CA Reply.
In case there is an Intermediate or Root certificate necessary to validate this certificate, import it as well with right click – Import Trusted Certificate (in my case, it’s the automicCA.crt).

Thank you for the response! I have started to look into the ConvertFrom and ConvertTo cmdlets, but I'm still not sure how to get the private key from the certificate object in the correct form to put in the. I'm using Windows Server 2012 R2.

Here is what I have for making the certificate, exporting it and getting the encrypted private key.

    $newCert = Get-Certificate -Template $myNewTemplate -DnsName $newCertName -SubjectName ('CN=' + $newCertName) -CertStoreLocation 'Cert:\LocalMachine\My'
    Export-Certificate -Cert $ -FilePath ($certFolderPath + '\' + $newCertName + '.cer') -Type CERT
    $secureKey = ConvertFrom-SecureString $privKey

When I try to use ConvertFrom-SecureString I get this error because it isn't the correct type:

    ConvertFrom-SecureString : Cannot bind parameter 'SecureString'. Cannot convert the "" value of type "" to type "".