...

Attached files: int-openssl.cnf, ca-openssl.cnf

Create the following directory tree, with two empty index.txt files and serial files containing integer values.
Place the files in their corresponding directories and modify them to match your organisation’s information.
Your keystores and truststores will be output to a directory named keystores one level above your working directory.

...


We now have all necessary parts to produce a keystore

...


Concatenate the certificate chain:

cat certs/ca.cert.pem intermediate/certs/intermediate.cert.pem intermediate/certs/broker.hivemq.local.cert.pem > ../keystores/broker.hivemq.local.chain.pem;

...

Import the certificate chain and the private key into a PKCS12 container:

openssl pkcs12 -export -in ../keystores/broker.hivemq.local.chain.pem -inkey intermediate/private/broker.hivemq.local.key.pem > ../keystores/broker.hivemq.local.p12;

...

Import the contents of the PKCS12 container into a JKS container:

keytool -importkeystore -trustcacerts -srckeystore ../keystores/broker.hivemq.local.p12 -destkeystore ../keystores/broker.hivemq.local-keystore.jks -srcstoretype pkcs12 -destalias broker.hivemq.local -alias 1;

...

Remove the concatenated certificate chain and the PKCS12 container

rm -f ../keystores/broker.hivemq.local.p12 ../keystores/broker.hivemq.local.chain.pem;

… and truststore

keytool -import -trustcacerts -alias 'Root CA' -file certs/ca.cert.pem -keystore ../keystores/broker.hivemq.local-truststore.jks;

...

Now it is time to generate the client’s keystore…

...

Concatenate the certificate chain:

cat certs/ca.cert.pem intermediate/certs/intermediate.cert.pem intermediate/certs/client1.cert.pem > ../keystores/client1.chain.pem;

If you want to create a certificate chain to be used directly in PEM format, the order of the certificates needs to be changed:
cat intermediate/certs/client1.cert.pem intermediate/certs/intermediate.cert.pem certs/ca.cert.pem > ../keystores/new-client1.chain.pem;
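
As an added example (not part of the original page), the script below checks that a PEM bundle is in the leaf-first order described above: each certificate's issuer must equal the subject of the certificate that follows it. The function names and the throwaway demo chain are constructed for illustration; the check compares names only and does not verify signatures.

```shell
# Added example; function names and the demo chain below are constructed.
# split_chain FILE DIR: write each certificate to DIR/cert-N.pem, print the count.
split_chain() {
    awk -v dir="$2" '
        /-----BEGIN CERTIFICATE-----/ { n++; out = dir "/cert-" n ".pem" }
        out != ""                     { print > out }
        /-----END CERTIFICATE-----/   { close(out); out = "" }
        END                           { print n + 0 }
    ' "$1"
}

# name_of FILE FIELD: print the subject or issuer DN in RFC 2253 form.
name_of() {
    openssl x509 -in "$1" -noout -nameopt RFC2253 "-$2" | sed "s/^$2= *//"
}

# chain_order_ok FILE: 0 if every certificate is issued by the one after it.
chain_order_ok() {
    tmp=$(mktemp -d) || return 2
    count=$(split_chain "$1" "$tmp")
    rc=0; i=1; [ "$count" -ge 1 ] || rc=1
    while [ "$rc" -eq 0 ] && [ "$i" -lt "$count" ]; do
        [ "$(name_of "$tmp/cert-$i.pem" issuer)" = \
          "$(name_of "$tmp/cert-$((i + 1)).pem" subject)" ] || rc=1
        i=$((i + 1))
    done
    rm -rf "$tmp"
    return "$rc"
}

# make_demo_chain DIR: throwaway root -> int -> leaf certificates (constructed data).
make_demo_chain() {
    d=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Demo Root CA" \
        -keyout "$d/ca.key" -out "$d/ca.pem" 2>/dev/null
    for pair in int:ca leaf:int; do
        n=${pair%%:*}; ca=${pair##*:}
        openssl req -newkey rsa:2048 -nodes -subj "/CN=Demo $n" \
            -keyout "$d/$n.key" -out "$d/$n.csr" 2>/dev/null
        openssl x509 -req -in "$d/$n.csr" -CA "$d/$ca.pem" -CAkey "$d/$ca.key" \
            -CAcreateserial -days 1 -out "$d/$n.pem" 2>/dev/null
    done
}

demo=$(mktemp -d) && make_demo_chain "$demo"
cat "$demo/leaf.pem" "$demo/int.pem" "$demo/ca.pem" > "$demo/leaf-first.pem"
cat "$demo/ca.pem" "$demo/int.pem" "$demo/leaf.pem" > "$demo/root-first.pem"
for f in leaf-first root-first; do
    if chain_order_ok "$demo/$f.pem"; then echo "$f: ok"; else echo "$f: reorder"; fi
done
```

To check a real bundle, call chain_order_ok with its path, for example ../keystores/new-client1.chain.pem.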

...

Import the certificate chain and the private key into a PKCS12 container:

openssl pkcs12 -export -in ../keystores/client1.chain.pem -inkey intermediate/private/client1.key.pem > ../keystores/client1.p12;

...

Import the contents of the PKCS12 container into a JKS container:

keytool -importkeystore -trustcacerts -srckeystore ../keystores/client1.p12 -destkeystore ../keystores/client1-keystore.jks -srcstoretype pkcs12 -destalias client1 -alias 1;

...

Remove the concatenated certificate chain and the PKCS12 container

rm -f ../keystores/client1.p12 ../keystores/client1.chain.pem;

…and truststore

keytool -import -trustcacerts -alias 'Root CA' -file certs/ca.cert.pem -keystore ../keystores/client1-truststore.jks;

...