webMethods

webMethods

Join this online group to communicate across IBM product users and experts by sharing advice and best practices with peers and staying up to date regarding product enhancements.

 View Only

  • 1.  certificate -- keystore issue

    Posted Tue April 09, 2013 11:32 AM

    We have installed 8.2.2.0. I am trying to configure the certs for https ssl handshake. for that I have created keystore files by using keytool.
    1.private_wm82.key
    2. csr_wm82.csr
    3.wm82.pem
    4.wm82.jks
    5.certificate_wm82.pfx
    Now i tried to import the Certificate into a Java Keystore. by using the command
    keytool -import -file wm82.pem -keystore wm82.jks -alias mykey -trustcacerts
    it was added to keystore. but the issue is when i run the below command i got error
    command: java org.mortbay.jetty.security.PKCS12Import certificate_wm82.pfx wm82.jks
    error: Exception in thread “main” java.io.IOException: Invalid keystore format
    at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:633)
    at sun.security.provider.JavaKeyStore$JKS.engineLoad(JavaKeyStore.java:38)
    at java.security.KeyStore.load(KeyStore.java:1185)
    at org.mortbay.jetty.security.PKCS12Import.main(PKCS12Import.java:97)

    Please help me out in this.

    Thanks in Advance,
    Noor Shaik


    #webMethods
    #Integration-Server-and-ESB


  • 2.  RE: certificate -- keystore issue

    Posted Tue April 09, 2013 12:34 PM

    Have you tried using these UI tool?

    http://code.google.com/p/keytool-iui/

    use the keytool java command line it lives under the jvm bin. There is also a gui tool called portecle but command line is simple. You can make jks and/or pcks12 both supported in IS 8.x. With pcks12 it will also be easier to import x509 certs into Windows Servers.
    +1 on the comments to include the .jks file in the path.

    OR

    If you want to replace keytool with a GUI tool then you can also use CERTivity.

    CERTivity aims at making it easier to manage digital security-related assets from any source.


    #Integration-Server-and-ESB
    #webMethods


  • 3.  RE: certificate -- keystore issue

    Posted Tue April 09, 2013 12:55 PM

    In addition to tools mentioned by rmg, KeyStore Explorer (which was basis for portecle a few years back) is a good tool. It can handle old-format IS keys.


    #webMethods
    #Integration-Server-and-ESB


  • 4.  RE: certificate -- keystore issue

    Posted Wed April 10, 2013 12:39 PM

    I erased my post sorry. I’ve read to quickly the previous posts.


    #Integration-Server-and-ESB
    #webMethods


  • 5.  RE: certificate -- keystore issue

    Posted Wed April 10, 2013 01:35 PM

    no worries! :smiley:


    #webMethods
    #Integration-Server-and-ESB


  • 6.  RE: certificate -- keystore issue

    Posted Wed April 10, 2013 05:53 PM

    Do you have openssl available to you? If so this can be done fairly simply with something like this:

    openssl pkcs12 -export -in wmprd_company_com.cer -out wmprd.company.com.keystore.p12 -name “wmprd_company_com” -certfile chain.cer -inkey privkey.pem

    where chain.cer is: cat entrust_l1c.cer entrust_ca.cer > chain.cer


    #webMethods
    #Integration-Server-and-ESB


  • 7.  RE: certificate -- keystore issue

    Posted Thu April 11, 2013 06:34 AM

    Hi Noor,

    As our experts already mentioned above, keytool command line does not support .pem format. So you can use openssl for this.

    -Niteesh


    #Integration-Server-and-ESB
    #webMethods


Related Content