java_cert

Book Creator
 Add this page to your book
Book Creator
 Remove this page from your book  

 Manage book(0 page(s))
 Help

This is an old revision of the document!

Java certificates for Jive

This document shows the handling with Java certificates managed with keystore tool (which is part of Java SDK). If the certificate changes on proxy (intranet.example.com), the certificate also must be replaced in Jive. Basically following steps are necesary to replace the certificate in Java keystore: 

/usr/local/jive/java/bin/keytool -list -storepass changeit -keystore \
/usr/local/jive/java/jre/lib/security/cacerts|grep -Pi 'swiss|vaps|intranet'
/usr/local/jive/java/bin/keytool -v -delete -storepass changeit -alias intranet \
-keystore /usr/local/jive/java/jre/lib/security/cacerts
/usr/local/jive/java/bin/keytool -v -importcert -storepass changeit -alias intranet \
-file intranet.example.com.crt -keystore /usr/local/jive/java/jre/lib/security/cacerts

Import certs for devserver (DEV)

First, you must change into directory, where the certificates are installed. 

cd /root/certs

Now, you can import the certificates: 

/usr/local/jive/java/bin/keytool -v -importcert -storepass changeit \
-file appserver.intranet.example.com.crt -keystore /usr/local/jive/java/jre/lib/security/cacerts
/usr/local/jive/java/bin/keytool -v -importcert -storepass changeit \
-alias intranet -file intranet.example.com.crt -keystore /usr/local/jive/java/jre/lib/security/cacerts
/usr/local/jive/java/bin/keytool -v -importcert -storepass changeit \
-alias devserver -file devserver.example.com.crt -keystore /usr/local/jive/java/jre/lib/security/cacerts

Import certs for prodserver (PROD)

First, you must change into directory, where the certificates are installed. 

cd /root/certs

Now, you can import the certificates: 

/usr/local/jive/java/bin/keytool -v -importcert -storepass changeit \
-file appserver.intranet.example.com.crt -keystore /usr/local/jive/java/jre/lib/security/cacerts
/usr/local/jive/java/bin/keytool -v -importcert -storepass changeit \
-alias intranet -file intranet.example.com.crt -keystore /usr/local/jive/java/jre/lib/security/cacerts
/usr/local/jive/java/bin/keytool -v -importcert -storepass changeit \
-alias prodserver -file prodserver.example.com.crt -keystore /usr/local/jive/java/jre/lib/security/cacerts

List imported certificates

Just use following command: 

/usr/local/jive/java/bin/keytool -list -storepass changeit -keystore \
/usr/local/jive/java/jre/lib/security/cacerts|grep -Pi 'swiss|vaps|intranet'

The list should look like this: 

swisssignplatinumg2ca, Oct 31, 2008, trustedCertEntry,
swisssignsilverg2ca, Oct 31, 2008, trustedCertEntry,
devserver, Nov 18, 2014, trustedCertEntry,
intranet, Nov 18, 2014, trustedCertEntry,
swisssigngoldg2ca, Oct 31, 2008, trustedCertEntry,

Remove old certificates

To remove a certificate in keystore, the easiest way is to remove it by using the alias, see List imported certificates. 

/usr/local/jive/java/bin/keytool -v -delete -storepass changeit -alias intranet -keystore /usr/local/jive/java/jre/lib/security/cacerts
  • java_cert.1549632992.txt.gz
  • Last modified: 2019/02/08 14:36
  • by admin