If a wildcard certificate has been provided in either .pfx or .p12 format, a procedure is needed to import this certificate into UMP. This document describes how to take a given wildcard certificate .pfx file with *.example.com as the domain, import this certificate into wasp and (optionally) apply automatic HTTPS redirects.
By default, you cannot import these types of certificates into the UMP certificate store by following the procedure described in our documentation on how to enable HTTPS in UMP.
Configure the port number for SSL traffic using the https_port parameter, which is located under the setup key in Raw Configure. This parameter is normally set to 443, but any port between 1 - 65545 can be specified.
Note: If the https_port parameter does not currently exist in the wasp.cfg file, add it manually. As an example, refer to the http_port parameter.
This can be very challenging for several reasons. Since a Certificate Signing Request (CSR) was not generated from wasp, the keystore does not currently have any knowledge of the private key used to generate the cert request. Also, Java can be very particular about the format it expects the key to be in. Another potential hurdle is that the keytool application shipped as part of older versions of Java provided all the functionality to generate a private key and CSR from a Java keystore, but did not allow the importing of a preexisting private key or certificate generated externally. This was fixed in Java 6. The solution is to convert the existing certificate and key into a PKCS12 file, and then use keytool to merge one keystore with another. Java 6 (or higher) can treat a PKCS12 file as a keystore. The most recent java_jre in the Nimsoft archive is 1.8, which meets this requirement.
1. Make certain the certificate you have been provided is in the PKCS12 format that Java expects. If the certificate is in a .pfx format (PKCS12 extension), it will need to be converted using OpenSSL:
openssl pkcs12 -in mypfxfile.pfx -out mypemfile.pem
openssl pkcs12 -export -in mypemfile.pem -out mykeystore.p12 -name wasp
The -name switch above represents the alias that will be assigned to this keystore, wasp in this case.
2. Import the PKCS12 certificate to the wasp.keystore location, by default: C:\Program Files (x86)\Nimsoft\probes\service\wasp\conf
In a command prompt, navigate to: C:\Program Files (x86)\Nimsoft\probes\service\wasp\conf
3. Issue the following command:
"C:\Program Files (x86)\Nimsoft\jre\jre8u102\bin\keytool" -list -alias wasp -keystore wasp.keystore
Enter keystore password:
wasp, Nov 1, 2011, PrivateKeyEntry,
Certificate Fingerprint (MD5): <fingerprint data>
4. Run the import command, replacing the password placeholders (p12password, pemPassword and srcstorepass) with the appropriate passwords:
"C:\Program Files (x86)\Nimsoft\jre\jre8u102\bin\keytool" -importkeystore -deststorepass p12password ^
-destkeypass pemPassword -destkeystore wasp.keystore -srckeystore mykeystore.p12 -srcstoretype PKCS12 ^
-srcstorepass srcstorepass -alias wasp
Existing entry alias wasp exists, overwrite? [no]:  yes
5. Verify that you have updated the wasp.keystore. The output should differ from the output you got when you ran the command the first time.
6. Enter keystore password:
You should now be able to access UMP or OC:
UMP - https://<UMP FQDN>
OC - https://<OC FQDN>/operatorconsole_portlet/standalone_login.jsp
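
The comparison in step 5 can be scripted. The Python below is an added example, not part of the original procedure or of the product's tooling: it parses the text that keytool -list prints before and after the import and reports when the wasp alias is not a PrivateKeyEntry or its fingerprint did not change. The function names are hypothetical and the sample listings are constructed.

```python
import re

# One keytool -list entry spans two lines:
#   wasp, Nov 1, 2011, PrivateKeyEntry,
#   Certificate fingerprint (SHA-256): AB:CD:...
ENTRY_RE = re.compile(
    r"^(?P<alias>[^,\r\n]+),\s.*?,\s*(?P<type>\w+Entry),\s*\r?\n"
    r"Certificate fingerprint \((?P<alg>[^)]+)\):\s*(?P<fp>[0-9A-Fa-f:]+)",
    re.IGNORECASE | re.MULTILINE,
)

def parse_entries(listing):
    """Map alias -> (entry type, fingerprint algorithm, fingerprint)."""
    return {
        m["alias"].strip().lower(): (m["type"], m["alg"].upper(), m["fp"].upper())
        for m in ENTRY_RE.finditer(listing)
    }

def check_import(before, after, alias="wasp"):
    """Return a list of problems; an empty list means the import looks right."""
    old = parse_entries(before).get(alias)
    new = parse_entries(after).get(alias)
    if new is None:
        return [f"alias {alias!r} not found after the import"]
    problems = []
    if new[0].lower() != "privatekeyentry":
        problems.append(f"{alias!r} is a {new[0]}: no private key was imported")
    if old and old[1] != new[1]:
        problems.append("fingerprint algorithms differ between runs; cannot compare")
    elif old and old[2] == new[2]:
        problems.append("fingerprint unchanged: the old certificate is still in place")
    return problems

# Constructed sample listings (fingerprints are made up).
BEFORE = """Enter keystore password:
wasp, Nov 1, 2011, PrivateKeyEntry,
Certificate fingerprint (MD5): 11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF:00
"""
AFTER_OK = BEFORE.replace("11:22:33", "A0:B1:C2").replace("Nov 1, 2011", "Mar 4, 2020")
AFTER_BAD = BEFORE.replace("PrivateKeyEntry", "trustedCertEntry")

if __name__ == "__main__":
    print(check_import(BEFORE, AFTER_OK))   # healthy import
    print(check_import(BEFORE, AFTER_BAD))  # certificate only, old fingerprint
```

A trustedCertEntry under the wasp alias means only the certificate reached the keystore, so wasp has no private key to serve HTTPS with.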