Configuring a Keystore
This section provides information on how to configure a keystore with a Trusted Certificate and private key.
The following instructions assume the following:
- A private key for the certificate in PEM (Privacy Enhanced Mail) format. In the example this private key is named
private-key.pem
. - An X.509 trusted certificate configured with an FQDN (Fully Qualified Domain Name). In the example this trusted certificate is named
server.crt
. - A file containing the CA certificate chain. Both root and intermediate certificates must be present. In the example this file is named
ca.crt
.
Convert the X.509 certificate and private key to pkcs12 format:
$ openssl pkcs12 -export -chain -in server.crt -inkey private-key.pem -out server.p12 -name amc-server -CAfile ca.crt Enter Export Password: <export-password> Verifying - Enter Export Password: <export-password>
Convert the pkcs12 file to a keystore.
Execute the following command, making sure that the
keystore-password
andkey-password
match the HTTP configuration settings, see HTTP Standard Setup.$ keytool -importkeystore \ -deststorepass <keystore-password> -destkeypass <key-password> \ -destkeystore containter.keys -srckeystore server.p12 \ -srcstoretype PKCS12 -srcstorepass <export-password> -alias platform
Note!
The default keystore alias for the certificate is
platform
but can be reconfigured, see HTTP Configuration Properties. If this has been done, change the alias in the command provided above.
You can now use the keystore file, container.keys, as described in the section HTTP Standard Setup.