A certificate signing request (CSR) was generated using keytool and signed by a third-party certificate authority, but the signed certificate cannot be imported into Messaging Gateway (SMG) without the private key. The following process demonstrates how to extract the private key from a Java keystore and format it for import into SMG.
Release : 10.7.5
This may not work for all keystores or private keys, depending on the keytool version or how the CSR was originally created.
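# Generate the RSA key pair in the Java keystore.
keytool -genkeypair -alias SMG -keyalg RSA -keysize 2048 -keystore .keystore -validity 365 -storepass storepassword -dname "CN=smg.example.com, O=DOMAIN, C=US" -ext san=email:[email protected],dns:smg.example.com,ip:192.0.2.5
# Create the CSR that is submitted to the certificate authority.
keytool -certreq -alias SMG -keyalg RSA -keystore .keystore -storepass storepassword -file "SMG.csr" -ext san=email:[email protected],dns:smg.example.com,ip:192.0.2.5
# Copy the SMG key entry from the Java keystore into a PKCS12 keystore.
keytool -srckeystore .keystore -srcstorepass storepassword -srcalias SMG -destalias SMG -destkeystore private.p12 -deststoretype PKCS12 -deststorepass password -destkeypass password -importkeystore
# Export only the private key from the PKCS12 keystore (-nodes writes it unencrypted).
openssl pkcs12 -in private.p12 -nodes -nocerts -out private.key
# Rewrite the key as an RSA private key with no passphrase.
openssl rsa -in private.key -out private_nopass.key
# Append the private key to the signed certificate file.
cat private_nopass.key >> signed_certificate.pem
# The combined file should show the certificate followed by the private key.
cat signed_certificate.pem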
-----BEGIN CERTIFICATE-----
[certificate data redacted]
-----END CERTIFICATE-----
-----BEGIN RSA PRIVATE KEY-----
[key data redacted]
-----END RSA PRIVATE KEY-----
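
Before importing the combined file, it helps to confirm that the appended key belongs to the signed certificate and is not passphrase-protected. The script below is an added example, not part of the original article; check_bundle, rc_of, make_pair, demo and the return codes are hypothetical names chosen here, and the certificates it generates are constructed sample data.

```shell
#!/bin/sh
# Added example, not from the original article. Function names and return
# codes are this example's own convention.

# check_bundle FILE: 0 = certificate and unencrypted key are present and match.
check_bundle() {
    bundle=$1
    [ -r "$bundle" ] || return 1
    grep -q -e '-----BEGIN CERTIFICATE-----' "$bundle" || return 2
    # A passphrase-protected key (PKCS#8 or legacy PEM encryption) is rejected.
    if grep -Eq -e 'BEGIN ENCRYPTED PRIVATE KEY|Proc-Type: 4,ENCRYPTED' "$bundle"; then
        return 4
    fi
    grep -Eq -e '-----BEGIN (RSA )?PRIVATE KEY-----' "$bundle" || return 3
    # Derive the public key from each half of the file; they must be identical.
    cert_pub=$(openssl x509 -in "$bundle" -noout -pubkey 2>/dev/null) || return 5
    key_pub=$(openssl pkey -in "$bundle" -pubout -passin pass: 2>/dev/null) || return 5
    [ "$cert_pub" = "$key_pub" ] || return 6
    return 0
}

# rc_of CMD...: print the command's exit status (safe under `set -e`).
rc_of() { "$@" && echo 0 || echo $?; }

# make_pair DIR NAME: constructed sample data, a throwaway self-signed
# certificate DIR/NAME.crt and unencrypted key DIR/NAME.key.
make_pair() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=smg.example.com" \
        -keyout "$1/$2.key" -out "$1/$2.crt" 2>/dev/null
}

demo() {
    d=$(mktemp -d) || return 1
    make_pair "$d" a && make_pair "$d" b || return 1
    cat "$d/a.crt" "$d/a.key" > "$d/good.pem"   # certificate with its own key
    cat "$d/a.crt" "$d/b.key" > "$d/bad.pem"    # certificate with another key
    echo "matching bundle:   $(rc_of check_bundle "$d/good.pem")"
    echo "mismatched bundle: $(rc_of check_bundle "$d/bad.pem")"
    rm -rf "$d"
}
demo
```

Run check_bundle signed_certificate.pem after the final cat step; a result of 6 means the key came from a different key pair than the one used for the CSR.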