
Importing key-cert pair into Sun Web Server 7.0
November 7, 2008
This post is for anyone trying to import a key-cert pair that was generated outside of Sun Web Server 7.0. This can happen if, for example, you have a load balancer in front of the web server and want to use the load balancer's SSL cert on the Sun Web Server as well. Why would you do that? For one, if you do NOT want to terminate SSL on the load balancer and want the Sun Web Server to handle SSL instead, you need to do this exercise. It might also be needed if you want to do client authentication using certificates and want the Sun Web Server to handle it. One more reason might be that you already own a key-cert pair and have built a new Sun Web Server 7.0 instance.
The most important step in this exercise is to convert your key-cert pair into a JKS keystore. If you have received your key-cert pair as a PKCS#12 file, you can use a simple library from Jetty: jetty-6.1.8.jar. You can download it from the following link: http://repository.codehaus.org/org/mortbay/jetty/jetty/6.1.8/.
Run the following command:
java -classpath jetty-6.1.8.jar org.mortbay.jetty.security.PKCS12Import MyCert.pfx MyCert.jks
This will convert your cert from PKCS#12 format to JKS format.
There is another very interesting tool from IBM, keymanager (http://www.alphaworks.ibm.com/tech/keyman). Using this tool you can create a new JKS keystore and then just drop your private key and certs into the keystore and you are done! Make sure that you import the key first and then the cert.
Once you have your JKS keystore with the key-cert pair, use the ‘wadm’ command in Sun Web Server 7.0 to import this keystore into the existing keystore:
1. wadm --user=admin
Please enter admin-user-password> typed-admin-password-here
2. wadm> list-configs
test-config
3. wadm> migrate-jks-keycert --config=test-config --keystore=/tmp/MyCert.jks
Please enter keystore-password> storepass
Please enter key-password> keypass (just press Enter if you don’t want a key password)
This will import an existing key-cert pair in JKS format into the Sun Web Server 7.0 keystore.
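Before running migrate-jks-keycert, it helps to confirm that the JKS file really holds a private key entry and not just certificates, which is what the key-before-cert ordering above guards against. The script below is an added example, not part of the original post: it assumes the JDK's keytool is on the PATH, and the script name check_jks.sh, the function names and the sample listings are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Sample listings are constructed.

# Constructed `keytool -list -v` output: key imported with its cert chain.
SAMPLE_KEYPAIR='Alias name: mycert
Creation date: Nov 7, 2008
Entry type: PrivateKeyEntry
Certificate chain length: 2
Certificate[1]:
Owner: CN=www.example.com'

# Constructed output for a keystore where only the certificate was imported.
SAMPLE_CERT_ONLY='Alias name: mycert
Creation date: Nov 7, 2008
Entry type: trustedCertEntry

Owner: CN=www.example.com'

# Print "<alias>|<entry type>|<chain length>" for each entry read on stdin.
summarize_jks() {
    awk '
        function emit() { if (alias != "") print alias "|" type "|" chain }
        /^Alias name: /               { emit(); alias = substr($0, 13); type = "unknown"; chain = 0 }
        /^Entry type: /               { type = substr($0, 13) }
        /^Certificate chain length: / { chain = substr($0, 27) }
        END                           { emit() }
    '
}

# Succeed only if some entry holds a private key with at least one certificate.
# Older keytool versions print the same kind of entry as "keyEntry".
ready_for_migration() {
    summarize_jks | awk -F'|' '
        ($2 == "PrivateKeyEntry" || $2 == "keyEntry") && $3 >= 1 { ok = 1 }
        END { exit(ok ? 0 : 1) }
    '
}

# Usage: sh check_jks.sh /tmp/MyCert.jks   (keytool prompts for the store password)
if [ "$#" -eq 1 ]; then
    listing=$(keytool -list -v -keystore "$1") || exit 2
    printf '%s\n' "$listing" | summarize_jks
    if printf '%s\n' "$listing" | ready_for_migration; then
        echo "OK: private key entry found"
    else
        echo "FAIL: certificates only, no private key entry" >&2
        exit 1
    fi
fi
```

Once the migration succeeds, the copy left in /tmp still contains the private key, so delete it or move it somewhere with restricted permissions.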