by IDAMGroup
RSA Aveksa Self Signed Certificate Creation
RSA Aveksa (Jboss) Self Signed Certificate Creation
Aveksa Jboss Certificate Store location
#/home/oracle/jboss-<version>/server/default/conf/keystore
Aveksa has two Keystore
Keystore : aveksa.keystore
Truststore : server.keystore
IMPORTANT : Before doing anything take backup of above two keystore
Create certificate
oracle@acm-dev:~/jboss-4.2.2.GA/server/default/conf/keystore> keytool -genkey -alias aveksa_dev -keyalg RSA -keystore aveksa.keystore Enter keystore password: What is your first and last name? [Unknown]: mytechref.com What is the name of your organizational unit? [Unknown]: InfoSec What is the name of your organization? [Unknown]: MyTechReference What is the name of your City or Locality? [Unknown]: Edison What is the name of your State or Province? [Unknown]: NJ What is the two-letter country code for this unit? [Unknown]: US Is CN=mytechref.com, OU=InfoSec, O=MyTechReference, L=Edison, ST=NJ, C=US correct? [no]: yes
To list the newly created certificate
oracle@acm-dev:~/jboss-4.2.2.GA/server/default/conf/keystore> keytool -list -v -keystore aveksa.keystore Enter keystore password: Keystore type: JKS Keystore provider: SUN Your keystore contains 2 entries Alias name: server Creation date: Sep 24, 2015 Entry type: PrivateKeyEntry Certificate chain length: 1 Certificate[1]: Owner: CN=ACM, OU=Aveksa, O=Aveksa, L=Waltham, ST=Massachusetts, C=US Issuer: CN=ACM, OU=Aveksa, O=Aveksa, L=Waltham, ST=Massachusetts, C=US Serial number: 5604836a Valid from: Thu Sep 24 17:12:42 MDT 2015 until: Sun Jan 04 16:12:42 MST 2065 Certificate fingerprints: MD5: A1:DF:C5:BC:FB:EF:E6:3B:54:16:2B:05:68:B1:00:EF SHA1: 3C:3D:8B:00:C4:10:3B:72:6E:77:1B:E4:45:BD:16:E7:01:EE:2C:38 Signature algorithm name: SHA256withRSA Version: 3 Alias name: aveksa_dev Creation date: Sep 25, 2015 Entry type: PrivateKeyEntry Certificate chain length: 1 Certificate[1]: Owner: CN=acm-dev, OU=InfoSec, O=MyTechReference, L=Edison, ST=NJ, C=US Issuer: CN=acm-dev, OU=InfoSec, O=MyTechReference, L=Edison, ST=NJ, C=US Serial number: 56057b6a Valid from: Fri Sep 25 10:50:50 MDT 2015 until: Thu Dec 24 09:50:50 MST 2015 Certificate fingerprints: MD5: 67:CB:D0:3F:DE:00:0D:91:78:5D:Y5:B9:3C:06:A8:F2 SHA1: A0:CD:52:A9:2C:1E:7A:2D:9A:BB:63:0F:0A:D3:95:CB:95:12:5A:BB Signature algorithm name: SHA1withRSA Version: 3
Export the newly create certificate
oracle@acm-dev:~/jboss-4.2.2.GA/server/default/conf/keystore> keytool -export -alias aveksa_dev -file aveksa_dev.crt -keystore aveksa.keystore Enter keystore password: Certificate stored in file <aveksa_dev.crt> oracle@acm-dev:~/jboss-4.2.2.GA/server/default/conf/keystore> ls -rlt total 16 -rw-r--r-- 1 oracle oinstall 5300 Sep 25 09:50 server.keystore -rw-r--r-- 1 oracle oinstall 3538 Sep 25 10:50 aveksa.keystore -rw-rw-r-- 1 oracle oinstall 597 Sep 25 10:53 aveksa_dev.crt oracle@acm-dev:~/jboss-4.2.2.GA/server/default/conf/keystore>
Import the certificate into the Server.keystore to store the Trust key entry
oracle@acm-dev:~/jboss-4.2.2.GA/server/default/conf/keystore> keytool -import -alias aveksa_dev -file aveksa_dev.crt -keystore server.keystore
Enter keystore password:
Owner: CN=acm-dev, OU=InfoSec, O=MyTechReference, L=Edison, ST=NJ, C=US
Issuer: CN=acm-dev, OU=InfoSec, O=MyTechReference, L=Edison, ST=NJ, C=US
Serial number: 56057b6a
Valid from: Fri Sep 25 10:50:50 MDT 2015 until: Thu Dec 24 09:50:50 MST 2015
Certificate fingerprints:
MD5: 67:CB:D0:3F:DE:00:0D:91:78:5D:Y5:B9:3C:06:A8:F2
SHA1: A0:CD:52:A9:2C:1E:7A:2D:9A:BB:63:0F:0A:D3:95:CB:95:12:5A:BB
Signature algorithm name: SHA1withRSA
Version: 3
Trust this certificate? [no]: yes
Certificate was added to keystore
oracle@acm-dev:~/jboss-4.2.2.GA/server/default/conf/keystore>
keytool -list -v -keystore server.keystore
Alias name: aveksa_dev
Creation date: Sep 25, 2015
Entry type: trustedCertEntry
Owner: CN=acm-dev, OU=InfoSec, O=MyTechReference, L=Edison, ST=NJ, C=US
Issuer: CN=acm-dev, OU=InfoSec, O=MyTechReference, L=Edison, ST=NJ, C=US
Serial number: 56057b6a
Valid from: Fri Sep 25 10:50:50 MDT 2015 until: Thu Dec 24 09:50:50 MST 2015
Certificate fingerprints:
MD5: 67:CB:D0:3F:DE:00:0D:91:78:5D:Y5:B9:3C:06:A8:F2
SHA1: A0:CD:52:A9:2C:1E:7A:2D:9A:BB:63:0F:0A:D3:95:CB:95:12:5A:BB
Signature algorithm name: SHA1withRSA
Version: 3
Restart Jboss application server
#acm stop #acm start
---------------------------------------------------------------------------------------------------------------------------------------------
Disclaimer: Content posted here worked for me and may not guarantee success, should be used as reference only and please use it cautiously.