Steps to generate Keystore, CSR and Import Signed Certificates.
- Login into Unix Box
- Go to Java Home Dir
- cd $JAVA_HOME/jre/bin
- Run the Keytool Command to Create Keystore - JKS
- keytool -genkey -keyalg RSA -alias <aliasName> -keystore identityKeystore.jks -storepass <replace_with_strong_password> -validity 900 -keysize 2048
- <aliasName> = Meaningful Alias
- <replace_with_strong_password> = Keystore Password
- When prompted, change the values provided based on your company's security policy
  What is your first and last name? [Unknown]: VijayaKumar
  What is the name of your organizational unit? [Unknown]: Development
  What is the name of your organization? [Unknown]: ICS
  What is the name of your City or Locality? [Unknown]: Bangalore
  What is the name of your State or Province? [Unknown]: KA
  What is the two-letter country code for this unit? [Unknown]: IN
  Is CN=<>, OU=<>, O=<>, L=Redwood Shores, ST=California, C=US correct? [no]: yes
  Enter key password for <aliasName> (RETURN if same as keystore password):
- List the file generated using ls command. Now you should see jks file
- ls
- Generate CSR file for signing authority.
- keytool -certreq -alias <aliasName> -keystore identityKeystore.jks -storepass <replace_with_strong_password> -storetype JKS -file icsclient.csr
- List the files generated using ls command. Now you should see both jks and csr file.
- ls
- Share the CSR file with the signing authority, or generate one using the following URL.
- https://ssltools.digicert.com/checker/views/csrCheck.jsp
- If you receive the root and intermediate certificates from the signing authority, use the following commands to Import Root Certificates:
- keytool -import -keystore identityKeystore.jks -file <root_certificate_CA>.crt -alias DigiCertCARoot
- Import Intermediate Certificates:
- keytool -import -keystore identityKeystore.jks -file <intermediate_certificate_CA>.crt -alias DigiCertCAInter
- Import the signed certificate:
- keytool -import -keystore identityKeystore.jks -file <my_company_signedcert.crt/pem> -alias icslientcert
- Use the following command to export the Client or Server certificate from the Keystore.
- keytool -export -alias <aliasName> -storepass <replace_with_strong_password> -keystore identityKeystore.jks -file icsclient.cer/pem
- List all the certificates from JKS file.
- keytool -list -keystore identityKeystore.jks
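keytool attaches a CA-signed certificate to the private key only when it is imported under the key entry's own alias; under any other alias it is stored as a separate trusted certificate entry. The following added example (not part of the original steps) checks `keytool -list -v` output for that case; the sample output is constructed, the key alias `icsclient` is an assumption, and `parse_entries` and `audit` are hypothetical helper names.

```python
import re

# Constructed, abridged sample of `keytool -list -v` output (not from a real keystore).
SAMPLE = """\
Alias name: icsclient
Entry type: PrivateKeyEntry
Certificate chain length: 1
Owner: CN=VijayaKumar, OU=Development, O=ICS, L=Bangalore, ST=KA, C=IN
Issuer: CN=VijayaKumar, OU=Development, O=ICS, L=Bangalore, ST=KA, C=IN

Alias name: icslientcert
Entry type: trustedCertEntry
Owner: CN=VijayaKumar, OU=Development, O=ICS, L=Bangalore, ST=KA, C=IN
Issuer: CN=Example Issuing CA, O=Example CA, C=US
"""

def parse_entries(text):
    """Map each alias to its entry type and the Owner/Issuer of each listed cert."""
    entries, cur = {}, None
    for line in map(str.strip, text.splitlines()):
        if m := re.match(r"Alias name: (.+)", line):
            cur = entries.setdefault(m.group(1), {"type": None, "certs": []})
        elif cur is None:
            continue
        elif m := re.match(r"Entry type: (\w+)", line):
            cur["type"] = m.group(1)
        elif m := re.match(r"Owner: (.+)", line):
            cur["certs"].append({"owner": m.group(1), "issuer": None})
        elif (m := re.match(r"Issuer: (.+)", line)) and cur["certs"]:
            cur["certs"][-1]["issuer"] = m.group(1)
    return entries

def audit(text, key_alias):
    """Report whether the CA reply is attached to the private-key entry."""
    entries = parse_entries(text)
    key = entries.get(key_alias)
    if key is None or key["type"] != "PrivateKeyEntry" or not key["certs"]:
        return [f"{key_alias}: no PrivateKeyEntry found"]
    leaf = key["certs"][0]          # first cert in the chain is the end-entity cert
    if leaf["owner"] != leaf["issuer"]:
        return []                    # issued by someone else: reply is installed
    findings = [f"{key_alias}: certificate is still self-signed"]
    for alias, e in entries.items():
        for c in e["certs"]:
            if (e["type"] == "trustedCertEntry" and c["owner"] == leaf["owner"]
                    and c["issuer"] != c["owner"]):
                findings.append(f"{alias}: signed certificate stored as trustedCertEntry")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE, "icsclient")))
```

An empty result from `audit` means the key entry's first certificate was issued by another party, which is the state a client or server needs before it presents the certificate.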
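Python Code:
import requests
body = '<soap_envelope_xml>'  # placeholder: the SOAP request envelope to send
headers = {'SOAPAction': '<wsdl_action>', 'Content-Type': 'text/xml; charset=utf-8'}  # SOAP 1.1 bodies are sent as text/xml
requests.post('https://vijayakumarkv/ics/cloud.org', headers=headers, data=body.encode('utf-8'), cert=('/path/client.cert', '/path/client.key'))  # cert = (PEM client certificate, unencrypted PEM private key)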