How to Import private key into AutoSys Webserver keystore
Article ID: 232709
Products
Autosys Workload Automation
Issue/Introduction
This article provides steps on how to import a private key into the keystore for AutoSys Webserver using 2048-bit certs.
Environment
Release : 12.0
Component : CA Workload Automation AE (AutoSys)
Resolution
Do not add Bouncy Castle to the Java security file. If it is there, comment it out and renumber the list of providers. The list must start with 1 and continue consecutively (1, 2, 3, 4, and so on).
    #
    # List of providers and their preference orders (see above):
    #
    security.provider.1=sun.security.provider.Sun
    security.provider.2=sun.security.rsa.SunRsaSign
    security.provider.3=sun.security.ec.SunEC
    security.provider.4=com.sun.net.ssl.internal.ssl.Provider
    security.provider.5=com.sun.crypto.provider.SunJCE
    security.provider.6=sun.security.jgss.SunProvider
    security.provider.7=com.sun.security.sasl.Provider
    security.provider.8=org.jcp.xml.dsig.internal.dom.XMLDSigRI
    security.provider.9=sun.security.smartcardio.SunPCSC
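The provider-list requirement above can be checked mechanically before starting the steps. The following is an added example, not part of the original article or the product: the function name check_providers and the sample file are constructed for illustration, and the path to the real Java security file is supplied by the caller.

```shell
#!/bin/sh
# check_providers FILE (hypothetical helper) returns 0 only when the active
# security.provider.N entries are numbered 1..N with no gap or duplicate and
# none of them names a Bouncy Castle class. Commented-out lines are ignored.
check_providers() {
    [ -r "$1" ] || { echo "cannot read $1"; return 2; }
    awk '
        /^[ \t]*security\.provider\.[0-9]+[ \t]*=/ {
            entry = $0
            sub(/^[ \t]*security\.provider\./, "", entry)   # leaves "N=class"
            n = entry;   sub(/[ \t]*=.*$/, "", n);  n += 0  # provider number
            cls = entry; sub(/^[^=]*=[ \t]*/, "", cls)      # provider class
            seen[n]++
            if (n > max) max = n
            if (tolower(cls) ~ /bouncycastle/) {
                printf "provider %d is Bouncy Castle: %s\n", n, cls
                bad = 1
            }
        }
        END {
            if (max == 0) { print "no active security.provider entries"; bad = 1 }
            for (i = 1; i <= max; i++) {
                if (!(i in seen))     { printf "gap: provider %d is missing\n", i; bad = 1 }
                else if (seen[i] > 1) { printf "duplicate: provider %d\n", i; bad = 1 }
            }
            exit bad + 0
        }
    ' "$1"
}

# Constructed sample: Bouncy Castle had been added as provider 3 and was only
# commented out, so the active list reads 1, 2, 4 and still needs renumbering.
demo() {
    tmp=$(mktemp) || return 1
    cat > "$tmp" <<'EOF'
security.provider.1=sun.security.provider.Sun
security.provider.2=sun.security.rsa.SunRsaSign
#security.provider.3=org.bouncycastle.jcajce.provider.BouncyCastleFipsProvider
security.provider.4=sun.security.ec.SunEC
EOF
    rc=0
    check_providers "$tmp" || rc=$?
    rm -f "$tmp"
    echo "check_providers exit status: $rc"
}
demo
```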
Log on to the AutoSys Web Server machine.
cd to $AUTOUSER/webserver/conf
Back up the existing .keystore file and then remove it.
    cp -p .keystore .keystore.bak
    rm .keystore
Create a temporary JKS keystore containing your private key and self-signed certificate.
    keytool -genkey -alias tomcat -keyalg RSA -keystore $AUTOUSER/webserver/conf/.keystore2 -storepass changeit -keypass changeit -keysize 2048 -dname "cn=xxxxxxxxx" -validity 720
Note: xxxxxxxxx is your server HOSTNAME. This can be either the short name or the fully qualified name.
Import the Root cert:
    keytool -importcert -alias RootCA -file $AUTOUSER/webserver/conf/<name_of_your_Root_cert_file> -keystore $AUTOUSER/webserver/conf/.keystore2 -storepass changeit
Example name of cert file: RootCA.crt, RootCA.cer
Import the sub CA cert:
    keytool -importcert -alias SubCA1 -file $AUTOUSER/webserver/conf/<name_of_your_CA1_cert_file> -keystore $AUTOUSER/webserver/conf/.keystore2 -storepass changeit
Example name of cert file: CA1.crt, CA1.cer
Import the sub CA2 cert:
    keytool -importcert -alias SubCA2 -file $AUTOUSER/webserver/conf/<name_of_your_CA2_cert_file> -keystore $AUTOUSER/webserver/conf/.keystore2 -storepass changeit
Example name of cert file: CA2.crt, CA2.cer
Test the keystore.
    $JAVA_HOME/bin/keytool -storepass changeit -list -v -keystore .keystore2
Convert the temporary JKS keystore to a BCFKS keystore with the correct file name that the Web Server will expect.
    keytool -importkeystore -srckeystore $AUTOUSER/webserver/conf/.keystore2 -destkeystore $AUTOUSER/webserver/conf/.keystore -deststoretype BCFKS -providerclass org.bouncycastle.jcajce.provider.BouncyCastleFipsProvider -providerpath $AUTOSYS/lib/bc-fips.jar