====== Java certificates for Jive ======
This document shows the handling with Java certificates managed with keystore tool (which is part of Java SDK). If the certificate changes on proxy (intranet.example.com), the certificate also must be replaced in Jive. Basically following steps are necesary to replace the certificate in Java keystore:
* Check out the certifcate, see chapter [[java_cert#List_imported_certificates|List imported certificates]]
/usr/local/jive/java/bin/keytool -list -storepass changeit -keystore \
/usr/local/jive/java/jre/lib/security/cacerts|grep -Pi 'swiss|vaps|intranet'
* Remove the old intranet certificate [[java_cert#Remove_old_certificates|Remove old certificatess]]
/usr/local/jive/java/bin/keytool -v -delete -storepass changeit -alias intranet \
-keystore /usr/local/jive/java/jre/lib/security/cacerts
* Add the new certificate [[java_cert#Import_certs_for_prodserver_(PROD)|Import certs for prodserver (PROD)]]
/usr/local/jive/java/bin/keytool -v -importcert -storepass changeit -alias intranet \
-file intranet.example.com.crt -keystore /usr/local/jive/java/jre/lib/security/cacerts
===== Import certs for devserver (DEV) =====
First, you must change into directory, where the certificates are installed.
cd /root/certs
Now, you can import the certificates:
/usr/local/jive/java/bin/keytool -v -importcert -storepass changeit \
-file appserver.intranet.example.com.crt -keystore /usr/local/jive/java/jre/lib/security/cacerts
/usr/local/jive/java/bin/keytool -v -importcert -storepass changeit \
-alias intranet -file intranet.example.com.crt -keystore /usr/local/jive/java/jre/lib/security/cacerts
/usr/local/jive/java/bin/keytool -v -importcert -storepass changeit \
-alias devserver -file devserver.example.com.crt -keystore /usr/local/jive/java/jre/lib/security/cacerts
===== Import certs for prodserver (PROD) =====
First, you must change into directory, where the certificates are installed.
cd /root/certs
Now, you can import the certificates:
/usr/local/jive/java/bin/keytool -v -importcert -storepass changeit \
-file appserver.intranet.example.com.crt -keystore /usr/local/jive/java/jre/lib/security/cacerts
/usr/local/jive/java/bin/keytool -v -importcert -storepass changeit \
-alias intranet -file intranet.example.com.crt -keystore /usr/local/jive/java/jre/lib/security/cacerts
/usr/local/jive/java/bin/keytool -v -importcert -storepass changeit \
-alias prodserver -file prodserver.example.com.crt -keystore /usr/local/jive/java/jre/lib/security/cacerts
===== List imported certificates =====
Just use following command:
/usr/local/jive/java/bin/keytool -list -storepass changeit -keystore \
/usr/local/jive/java/jre/lib/security/cacerts|grep -Pi 'swiss|vaps|intranet'
The list should look like this:
swisssignplatinumg2ca, Oct 31, 2008, trustedCertEntry,
swisssignsilverg2ca, Oct 31, 2008, trustedCertEntry,
devserver, Nov 18, 2014, trustedCertEntry,
intranet, Nov 18, 2014, trustedCertEntry,
swisssigngoldg2ca, Oct 31, 2008, trustedCertEntry,
===== Remove old certificates =====
To remove a certificate in keystore, the easiest way is to remove it by using the alias, see [[mdwiki/#!other/jive-java-certs.md#List_imported_certificates|List imported certificates]].
/usr/local/jive/java/bin/keytool -v -delete -storepass changeit -alias intranet \
-keystore /usr/local/jive/java/jre/lib/security/cacerts