Creating a PKCS12 keystore for SPE
search cancel

Creating a PKCS12 keystore for SPE

book

Article ID: 281651

calendar_today

Updated On:

Products

Protection Engine for NAS Protection Engine for Cloud Services

Issue/Introduction

You request to know how to create a PKCS12 keystore for use with the Symantec Protection Engine's (SPE) RestAPI.

Environment

SPE 9.x

Resolution

  1. Login to a system with OpenSSL installed

Note: For this article we will be utilizing a Linux environment

  1. Copy your private key (herein referred to as "key.pem") and your certificate (herein referred to as "cert.pem") into the same folder
  2. Combine the two files using a command similar to the one below: 
     cat key.pem cert.pem > server.pem
  3. Create a PKCS12 keystore using the following command: 
     openssl pkcs12 -export -in server.pem -out keystore.pkcs12 -name my_alias
  4. If key.pem is encrypted (recommended) then you will be prompted for the password. Enter the password for key.pem and press
  5. Enter a password for the keystore and press
  6. Enter the password for the keystore again and press
  7. Stop the SPE RESTAPI Service
  8. Go to the /RestAPI directory.
  9. Fill out the application.yml as follows (Note: you will need to enter your own values) 
    server:
	ssl:
		enabled: true
		key-alias: my_alias
		key-store: path/to/keystore
		key-store-type: PKCS12
		key-store-password: yourKeyStorePassword
		key-password: yourKeyPassword

Note: If your key.pem is not encrypted (i.e. doesn't include a password), then remove the line that starts with 'key-password'

  1. Save the application.yml file.
  2. Restart the SPE RestAPI service
Powered by Wolken Software