Hope that helps anyone else that has been in the same predicament. ssl]$ keytool -importkeystore -deststorepass thePassw0rd -destkeystore test.jks -srckeystore test.p12 -srcstoretype PKCS12 -alias theServerName The solution comes in the form of a little tool called Keystore Explorer, which is a gui tool that lets you import a p12 key, and then select & rename keys in the keystore even if those keys have no name.Īfter using that, I was able to run the first command above with my newly-renamed p12 file, and it worked like a charm. Without an alias though, you can’t reference it, you can’t convert it, but critically – in keytool, you can’t rename it either – as you can’t say -alias="" The problem, of course, is that the key has no name. I didn’t know how to get around this impasse for a while until finally realizing that the certificate provider did not have an alias in the PKCS12 file, and for Java Keystores, Aliases are REQUIRED elements so that you can select what key you want your application to use. Gave an error like this keytool error: : String index out of range: 0 However, what happens when you’ve got a PKCS12 key & certificate chain that has been generated for you which you then need to import into your java keystore? I’ve had trouble with this before, as attempts to import keys with a command like this: keytool -importkeystore -deststorepass ThePassw0rd -destkeystore test.jks -srckeystore ~my-signed-certificate-file.p12 -srcstoretype PKCS12 ![]() Select the certificate template you would like to use, for me it was a custom template I had setup.When you’re working with a java app like AEM, generally I’ve used this process to set up SSL, where you first generate your CSR with the keytool command which embeds the private key into a JKS file, then get the cert signed and import the signed cert back into the JKS file. In ‘ Personal > Certificates’ right click and select ‘ Request New Certificate’ and click ‘ Next’ on the screen that pops up. ![]() ![]() Select ‘ Certificates’ select ‘ Computer account’ ‘ Local computer’ and then ‘ Finish’ This new keystore with our custom certificate we first need to load up the I then export it with the private key and import it to the device if possible. Subject and any subject alternative names and generate the certificate on my machine. Then submit it to the CA and then submit the response back. Meaning I don’t have to create a request at the device in questions, Some templates setup to create custom certificates for various internal webĬertificate template I used allows me to submit custom information on each I stated before I am using a Windows Certification Authority and already have New file we will store the certificate we want the controller to use. Self-signed certificate that the UniFi controller uses with a new one. It is much easier to just replace the certificate store which holds the Is that the UniFi controller will by default use its own self-signedĬertificate to secure the connection which causes web browsers to flash up anĪnyone had luck importing SSLS cert on Unifi Controller from Ubiquiti UniFi hardware connected or making up your network. To the main topic, once you have installed and setup the controller it isĪccessible via a secure webpage allowing you to adopt, configure and monitor Ensuring that the certificate is still highlighted, click on File, and then Save As. Select the certificate by clicking it once, and then click on Tools, Change KeyStore Type, and then choose JKS. This eliminates the need to install and run the controller on a PFX file and open it, then enter the password for it and click OK. Piece of hardware called a Cloud Key which runs a local instance of theĬontroller. Software is available for most platforms and is also available as a standalone ![]() It can also be setup to allow remote access via a web portal to allow management Providers who charge extra for monitoring/management software for their devices. It is also completely free unlike a lot of other As for the price you get a lot of bang for your $! (Or £ inīig selling points for me is their software controller that is used to adoptĪnd configure devices. change the connector from the server.xml file. Last year we have been implementing more and more Ubiquiti hardware, mostly Import your certificate signed by GoDaddy by typing the following command: (Replace myFQDN.crt with the file name and location of the new GoDaddy certificate) keytool -import -alias tomcat -keystore tomcat.keystore -trustcacerts -file myFQDN.crt 3.
0 Comments
Leave a Reply. |