MyTechReference - Technical Notes

MyTechReference


by IDAMGroup

RSA Aveksa Self Signed Certificate Creation

RSA Aveksa (Jboss) Self Signed Certificate Creation

Aveksa Jboss Certificate Store location

#/home/oracle/jboss-<version>/server/default/conf/keystore

Aveksa has two Keystore

Keystore  :       aveksa.keystore
Truststore :      server.keystore

IMPORTANT : Before doing anything take backup of above two keystore

Create certificate

oracle@acm-dev:~/jboss-4.2.2.GA/server/default/conf/keystore> keytool -genkey -alias aveksa_dev -keyalg RSA -keystore aveksa.keystore
Enter keystore password:
What is your first and last name?
[Unknown]:  mytechref.com
What is the name of your organizational unit?
[Unknown]:  InfoSec
What is the name of your organization?
[Unknown]:  MyTechReference
What is the name of your City or Locality?
[Unknown]:  Edison
What is the name of your State or Province?
[Unknown]:  NJ
What is the two-letter country code for this unit?
[Unknown]:  US
Is CN=mytechref.com, OU=InfoSec, O=MyTechReference, L=Edison, ST=NJ, C=US correct?
[no]:  yes

To list the newly created certificate

oracle@acm-dev:~/jboss-4.2.2.GA/server/default/conf/keystore> keytool -list -v -keystore aveksa.keystore
Enter keystore password:
Keystore type: JKS
Keystore provider: SUN
Your keystore contains 2 entries
Alias name: server
Creation date: Sep 24, 2015
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=ACM, OU=Aveksa, O=Aveksa, L=Waltham, ST=Massachusetts, C=US
Issuer: CN=ACM, OU=Aveksa, O=Aveksa, L=Waltham, ST=Massachusetts, C=US
Serial number: 5604836a
Valid from: Thu Sep 24 17:12:42 MDT 2015 until: Sun Jan 04 16:12:42 MST 2065
Certificate fingerprints:
MD5:  A1:DF:C5:BC:FB:EF:E6:3B:54:16:2B:05:68:B1:00:EF
SHA1: 3C:3D:8B:00:C4:10:3B:72:6E:77:1B:E4:45:BD:16:E7:01:EE:2C:38
Signature algorithm name: SHA256withRSA
Version: 3
Alias name: aveksa_dev
Creation date: Sep 25, 2015
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=acm-dev, OU=InfoSec, O=MyTechReference, L=Edison, ST=NJ, C=US
Issuer: CN=acm-dev, OU=InfoSec, O=MyTechReference, L=Edison, ST=NJ, C=US
Serial number: 56057b6a
Valid from: Fri Sep 25 10:50:50 MDT 2015 until: Thu Dec 24 09:50:50 MST 2015
Certificate fingerprints:
MD5:  67:CB:D0:3F:DE:00:0D:91:78:5D:Y5:B9:3C:06:A8:F2
SHA1: A0:CD:52:A9:2C:1E:7A:2D:9A:BB:63:0F:0A:D3:95:CB:95:12:5A:BB
Signature algorithm name: SHA1withRSA
Version: 3

 

Export the newly create certificate

oracle@acm-dev:~/jboss-4.2.2.GA/server/default/conf/keystore> keytool -export -alias aveksa_dev -file aveksa_dev.crt -keystore aveksa.keystore
Enter keystore password:
Certificate stored in file <aveksa_dev.crt>
oracle@acm-dev:~/jboss-4.2.2.GA/server/default/conf/keystore> ls -rlt
total 16
-rw-r--r-- 1 oracle oinstall 5300 Sep 25 09:50 server.keystore
-rw-r--r-- 1 oracle oinstall 3538 Sep 25 10:50 aveksa.keystore
-rw-rw-r-- 1 oracle oinstall  597 Sep 25 10:53 aveksa_dev.crt
oracle@acm-dev:~/jboss-4.2.2.GA/server/default/conf/keystore>

Import the certificate into the Server.keystore to store the Trust key entry

oracle@acm-dev:~/jboss-4.2.2.GA/server/default/conf/keystore> keytool -import -alias aveksa_dev -file aveksa_dev.crt -keystore server.keystore
Enter keystore password:
Owner: CN=acm-dev, OU=InfoSec, O=MyTechReference, L=Edison, ST=NJ, C=US
Issuer: CN=acm-dev, OU=InfoSec, O=MyTechReference, L=Edison, ST=NJ, C=US
Serial number: 56057b6a
Valid from: Fri Sep 25 10:50:50 MDT 2015 until: Thu Dec 24 09:50:50 MST 2015
Certificate fingerprints:
MD5:  67:CB:D0:3F:DE:00:0D:91:78:5D:Y5:B9:3C:06:A8:F2
SHA1: A0:CD:52:A9:2C:1E:7A:2D:9A:BB:63:0F:0A:D3:95:CB:95:12:5A:BB
Signature algorithm name: SHA1withRSA
Version: 3
Trust this certificate? [no]:  yes
Certificate was added to keystore
oracle@acm-dev:~/jboss-4.2.2.GA/server/default/conf/keystore>
keytool -list -v -keystore server.keystore
Alias name: aveksa_dev
Creation date: Sep 25, 2015
Entry type: trustedCertEntry
Owner: CN=acm-dev, OU=InfoSec, O=MyTechReference, L=Edison, ST=NJ, C=US
Issuer: CN=acm-dev, OU=InfoSec, O=MyTechReference, L=Edison, ST=NJ, C=US
Serial number: 56057b6a
Valid from: Fri Sep 25 10:50:50 MDT 2015 until: Thu Dec 24 09:50:50 MST 2015
Certificate fingerprints:
MD5:  67:CB:D0:3F:DE:00:0D:91:78:5D:Y5:B9:3C:06:A8:F2
SHA1: A0:CD:52:A9:2C:1E:7A:2D:9A:BB:63:0F:0A:D3:95:CB:95:12:5A:BB
Signature algorithm name: SHA1withRSA
Version: 3

Restart Jboss application server

#acm stop
#acm start

 

 

---------------------------------------------------------------------------------------------------------------------------------------------

Disclaimer: Content posted here worked for me and may not guarantee success, should be used as reference only and please use it cautiously.