Show pageOld revisionsBacklinksAdd to bookExport to MarkdownBack to top This page is read only. You can view the source, but not change it. Ask your administrator if you think this is wrong. ====== Java certificates for Jive ====== This document shows the handling with Java certificates managed with keystore tool (which is part of Java SDK). If the certificate changes on proxy (intranet.example.com), the certificate also must be replaced in Jive. Basically following steps are necesary to replace the certificate in Java keystore: * Check out the certifcate, see chapter [[java_cert#List_imported_certificates|List imported certificates]] <code bash> /usr/local/jive/java/bin/keytool -list -storepass changeit -keystore \ /usr/local/jive/java/jre/lib/security/cacerts|grep -Pi 'swiss|vaps|intranet' </code> * Remove the old intranet certificate [[java_cert#Remove_old_certificates|Remove old certificatess]] <code bash> /usr/local/jive/java/bin/keytool -v -delete -storepass changeit -alias intranet \ -keystore /usr/local/jive/java/jre/lib/security/cacerts </code> * Add the new certificate [[java_cert#Import_certs_for_prodserver_(PROD)|Import certs for prodserver (PROD)]] <code bash> /usr/local/jive/java/bin/keytool -v -importcert -storepass changeit -alias intranet \ -file intranet.example.com.crt -keystore /usr/local/jive/java/jre/lib/security/cacerts </code> ===== Import certs for devserver (DEV) ===== First, you must change into directory, where the certificates are installed. <code bash> cd /root/certs </code> Now, you can import the certificates: <code bash> /usr/local/jive/java/bin/keytool -v -importcert -storepass changeit \ -file appserver.intranet.example.com.crt -keystore /usr/local/jive/java/jre/lib/security/cacerts /usr/local/jive/java/bin/keytool -v -importcert -storepass changeit \ -alias intranet -file intranet.example.com.crt -keystore /usr/local/jive/java/jre/lib/security/cacerts /usr/local/jive/java/bin/keytool -v -importcert -storepass changeit \ -alias devserver -file devserver.example.com.crt -keystore /usr/local/jive/java/jre/lib/security/cacerts </code> ===== Import certs for prodserver (PROD) ===== First, you must change into directory, where the certificates are installed. <code> cd /root/certs </code> Now, you can import the certificates: <code bash> /usr/local/jive/java/bin/keytool -v -importcert -storepass changeit \ -file appserver.intranet.example.com.crt -keystore /usr/local/jive/java/jre/lib/security/cacerts /usr/local/jive/java/bin/keytool -v -importcert -storepass changeit \ -alias intranet -file intranet.example.com.crt -keystore /usr/local/jive/java/jre/lib/security/cacerts /usr/local/jive/java/bin/keytool -v -importcert -storepass changeit \ -alias prodserver -file prodserver.example.com.crt -keystore /usr/local/jive/java/jre/lib/security/cacerts </code> ===== List imported certificates ===== Just use following command: <code bash> /usr/local/jive/java/bin/keytool -list -storepass changeit -keystore \ /usr/local/jive/java/jre/lib/security/cacerts|grep -Pi 'swiss|vaps|intranet' </code> The list should look like this: <code bash> swisssignplatinumg2ca, Oct 31, 2008, trustedCertEntry, swisssignsilverg2ca, Oct 31, 2008, trustedCertEntry, devserver, Nov 18, 2014, trustedCertEntry, intranet, Nov 18, 2014, trustedCertEntry, swisssigngoldg2ca, Oct 31, 2008, trustedCertEntry, </code> ===== Remove old certificates ===== To remove a certificate in keystore, the easiest way is to remove it by using the alias, see [[mdwiki/#!other/jive-java-certs.md#List_imported_certificates|List imported certificates]]. <code bash> /usr/local/jive/java/bin/keytool -v -delete -storepass changeit -alias intranet \ -keystore /usr/local/jive/java/jre/lib/security/cacerts </code> java_cert.txt Last modified: 2019/02/08 14:36by admin