How to add an issued certificate to the JBOSS SSL keystore

Article ID: 35702

Products

CA Virtual Privilege Manager
CA Privileged Identity Management Endpoint (PIM)
CA Privileged Access Manager (PAM)

Issue/Introduction

Summary:

Many users want or need to replace the default SSL certificate in the JBOSS keystore because of requirements or restrictions in their environment. The task becomes difficult when certain options are omitted or the correct process is not followed, which leads to a multitude of errors and a process that takes longer than it should.

 

Instructions:

     

    • 1.     Create a new ssl.keystore with the alias of entm in it.
      keytool -genkey -alias entm -keyalg RSA -keystore ssl.keystore -storepass SSLKEYSTORE_PASSWORD -dname "CN=user,OU=my_org_unit,o=my_org,L=AA,ST=my_state,C=my_country"

     

     

    • 2.     Generate a certificate request
      keytool -certreq -keyalg RSA -alias entm -keystore ssl.keystore -file CERT_REQUEST_FILENAME.csr
      Send the CSR to the certificate team.

     

     

    • 3.     Once it’s back, import the root CA first
      keytool -import -keystore ssl.keystore -alias rootCA -file ROOT_CA_CERT_FILENAME.cer

     

     

    • 4.     Then the intermediate if there is one
      keytool -import -keystore ssl.keystore -alias intermediateCA -file INTERMEDIATE_CA_CERT_FILENAME.cer

     

     

    • 5.     Then the machine certificate
      keytool -import -alias entm -keystore ssl.keystore -file MACHINE_CERT_FILENAME.cer

     

     

    • 6.     Start jboss and voila
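
A check to run between steps 5 and 6, as an added example that is not part of the original article: it reads `keytool -list -v` output and confirms that the entm alias is a PrivateKeyEntry with the CA chain attached, rather than still holding only the self-signed certificate from step 1. The function name and both sample listings are constructed for illustration, and the listings are abbreviated.

```shell
#!/bin/sh
# check_entm_chain [alias]: reads `keytool -list -v` text on stdin.
# Returns 0 only if the alias is a PrivateKeyEntry whose chain holds more
# than the single self-signed certificate created in step 1.
check_entm_chain() {
    awk -v want="${1:-entm}" '
        BEGIN { len = 0 }
        { sub(/\r$/, "") }   # tolerate CRLF line endings in saved output
        /^Alias name: /  { cur = substr($0, 13); if (cur == want) seen = 1 }
        cur == want && /^Entry type: /               { type = substr($0, 13) }
        cur == want && /^Certificate chain length: / { len = $NF + 0 }
        END {
            if (!seen) { print "FAIL: alias " want " not found"; exit 1 }
            if (type != "PrivateKeyEntry") { print "FAIL: " want " is " type; exit 1 }
            if (len < 2) { print "FAIL: " want " chain length " len ", still self-signed"; exit 1 }
            print "OK: " want " PrivateKeyEntry, chain length " len
        }'
}

# Constructed, abbreviated listing: steps 3-5 done with the aliases shown above.
sample_installed() {
cat <<'EOF'
Your keystore contains 3 entries

Alias name: rootca
Entry type: trustedCertEntry

Alias name: intermediateca
Entry type: trustedCertEntry

Alias name: entm
Entry type: PrivateKeyEntry
Certificate chain length: 3
EOF
}

# Constructed listing: step 5 run without -alias entm, so the machine
# certificate landed under the default alias and entm was never updated.
sample_misimported() {
cat <<'EOF'
Alias name: entm
Entry type: PrivateKeyEntry
Certificate chain length: 1

Alias name: mykey
Entry type: trustedCertEntry
EOF
}
```

Against the real keystore: `keytool -list -v -keystore ssl.keystore -storepass SSLKEYSTORE_PASSWORD | check_entm_chain`.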

     

      Additional Information:

       

      - https://docops.ca.com/cminder/12-9/EN/implementing/communication-encryption/how-to-replace-the-default-ssl-certificates

      - https://docops.ca.com/cminder/12-9/EN/implementing/communication-encryption/how-to-configure-certificate-based-authentication

       

      Environment

      Release: ACP1M005900-12.6-Privileged Identity Manager
      Component: