12/12/2023 0 Comments Keystore explorer import pemModify there the domain name details - replace "test.customed,de" with the full name of your custo diagnostic server - as specified in the custocfg.ini:īy then clicking twice "OK" you get the CSR at the location you have specified above. Right click on "main" and create a CSR request Īfter entering the key store password that menu opens: There should be only one entry called "main": The keystore password is here as well "custo1234". Open the keystore in the diagserverdata directory called keystore.jks: The answer from a CA is normally a pkcs file or several PEM files. This is the file you need to transfer to the CA to get a signed certificate created. The result in this example is the file .csr. For your server replace it by the full name of the server running custo diagnostic. In this example a request for the server is created. To work with the keytool program start CMD in administative context (run as admin):Ĭ:\diagserverdata> "c:\Program Files\custo diagnostic server\jre" \bin\keytool -certreq -alias main -file .csr -keystore keystore.jks -ext san=dns: The keystore is installed in parallel to the Windows certificate store and the diagserver uses only that one for the web server SSL service. To modify it the custo diagnostic service (Apache Tomcat service) must be stopped. With both tools you access the diagserver keystore stored in the diagserverdata directory: The CSR creation as well as the import of the certificate can be done either by command line program keytool (part of the the Java Runtime Engine installed with the custo diagnostic server) or via a graphic tool like the Keystore Explorer (see ). The procedure consists of the creation of a certificate signing request (CSR), the signature of it by the CA and the import of the signed public key - the certificate. Therefor ethe CA should be trusted by all customer clients and the certificate should have a reasonable validity monitored administratively. The only task of the CA should be the proper signature of the public key of your system. On the other hand: There is already a key pair installed - so no new one needs to be created, which is good from the IT security point of view as you should avoid creating a key pair on another system: Even a certification authority (CA should never get in touch with the private key. Beyond that the certificate validity must be within the time range specified in the certificate and this is by default only a one year period. The custo diagnostic client expects both. However neither the common name stored in the certificate probably matches with the client name nor the trust to this certificate is given. This already permits an encrypted HTTPs connection with the IP port defined in the installation program. By default the installation of the custo diagnostic server in Windows already creates a key pair with a self-signed certificate.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |