Description

This procedure will convert a VeriSign SSL Certificate (Java keystore) that is used by JBoss/tomcat (WCC for instance) into pkcs12 format that is used by eIAM. This procedure does not have to be done on the server. It can be done on another machine and then the files transferred to the server.

Solution

1. Download OpenSSL from the internet and install on a machine.
   
   
2. Put the ExportPriv.class file in a directory along with the Java Keystore, the Verisign X500 Certificate, and the Verisign Intermediate Certificate.
   
   
3. Execute command to extract the Private key from the keystore:
   
   
   java -classpath. ExportPriv XXX.keystore tomcat changeit >XXX.key
   
   
   (Note: XXX would actually be a unique identifier for your company's files such has your company name)
   
   
4. Execute command to create the pkcs12 format keystore:
   
   
   <openssl>\bin\openssl pkcs12 -export -in XXX.crt -inkey XXX.key -out XXX.p12 -name tomcat
   
   
5. Provide a password for the keystore
   
   
6. Copy the XXX.p12 file to the "Program Files\CA\SharedComponents\iTechnology" directory.
   
   
7. Edit the file "Program Files\CA\SharedComponents\iTechnology\igateway.conf".
   
   
8. Verify the version in the <Version> entry in the file. If it is less than 4.1.0.5 use the clear test password and go directly to step 10.
   
   
9. In a command window, change directory to the iTechnology directory and issue the following command to encrypt the password:
   
   
   Safex -munge (your password)
   
   
   Use the results of this command as the password in the next step.
   
   
10. Change the entries
    
    
    <CertURI></CertURI>
    <CertPW></CertPW>
    
    
    to
    
    
    <CertURI>XXX.p12</CertURI>
    <CertPW>(your password)</CertPW>
    
    
11. Restart the iTechnology iGateway service.