Tagged: SSL
This topic has 1 reply, 2 voices, and was last updated 5 years, 4 months ago by Mark Craig.
February 16, 2017 at 1:55 pm #15830
marc.sahin
Participant

Hello,

We will renew the CA-signed SSL certificate of OpenDJ (2.5.1).
I follow the documentation to create a new CA-signed certificate and install it into OpenDJ.

Changing Server Certificates:
https://backstage.forgerock.com/docs/opendj/2.6/admin-guide/chap-change-certs

To Request and Install a CA-Signed Certificate:
https://backstage.forgerock.com/docs/opendj/2.6/admin-guide/chap-connection-handlers#new-ca-signed-cert

However, there are some points that I don't understand:

In the first step, we create a keystore, then generate a CSR from that and receive the SSL cert from the CA.
I'm wondering if the private key is the certificate in that keystore?
Otherwise, where is the private key?

In the fifth step, we replace the server-cert which is created in the first step with the CA-signed certificate.
Is it normal that we overwrite this certificate?

It would be great if you could help me out.
Thank you in advance
Marc

March 14, 2017 at 3:20 pm #16264
Mark Craig
Participant

The keytool -genkey (aka keytool -genkeypair) command generates a public-private key pair in the specified keystore.

You then use the keytool -certreq command to generate a certificate signing request (CSR) for the public key certificate.

When you get the signed certificate response from the CA, that is the certificate to import into the keystore where you ran the keytool -certreq command. The server will then present this certificate when negotiating secure connections. The original certificate is self-signed. The certificate you got in the response was signed by a CA, so peers will hopefully recognize it when the server presents it to negotiate a secure connection.
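The flow described in the answer above, as an added example that is not part of the original thread or the OpenDJ documentation: it shows that the server-cert entry stays a private key entry and only its certificate chain changes when the CA reply is imported. The CA is a throwaway key created with keytool, and the keystore paths, password and DNs are constructed; only the alias server-cert comes from the thread.

```shell
#!/bin/sh
# Added demo. Constructed values: temp keystores, password, DNs and a throwaway
# test CA. Only the alias "server-cert" comes from the thread. Needs JDK keytool.
export LC_ALL=C
PASS=changeit

kt() { keytool "$@" -storepass "$PASS"; }

# Print "<entry type>|<chain length>|<issuer CN of first cert>" for server-cert.
describe() {
  kt -list -v -alias server-cert -keystore "$1" | awk -F': ' '
    /^Entry type/               { type = $2 }
    /^Certificate chain length/ { len = $2 }
    /^Issuer/ && !seen          { sub(/^CN=/, "", $2); sub(/,.*/, "", $2); issuer = $2; seen = 1 }
    END { print type "|" len "|" issuer }'
}

renew_demo() (
  set -e
  d=$(mktemp -d); ks=$d/keystore; ca=$d/ca-keystore
  # Stand-in for the real CA (constructed).
  kt -genkeypair -alias ca -keyalg RSA -keysize 2048 -validity 30 \
     -dname "CN=Demo Test CA" -ext bc=ca:true -keystore "$ca" -keypass "$PASS"
  # Key pair plus self-signed certificate: one PrivateKeyEntry holds both.
  kt -genkeypair -alias server-cert -keyalg RSA -keysize 2048 -validity 30 \
     -dname "CN=opendj.example.com" -keystore "$ks" -keypass "$PASS"
  echo "before: $(describe "$ks")"   # PrivateKeyEntry|1|opendj.example.com
  # The CSR carries the public key only; the private key stays in the keystore.
  kt -certreq -alias server-cert -file "$d/server.csr" -keystore "$ks"
  kt -gencert -alias ca -infile "$d/server.csr" -outfile "$d/server.crt" \
     -rfc -validity 30 -keystore "$ca"
  kt -exportcert -alias ca -rfc -file "$d/ca.crt" -keystore "$ca"
  # Trust the CA, then import the reply under the same alias. keytool rejects
  # the reply if its public key does not match the key already in the entry.
  kt -importcert -noprompt -alias ca-cert -file "$d/ca.crt" -keystore "$ks"
  kt -importcert -noprompt -alias server-cert -file "$d/server.crt" -keystore "$ks"
  echo "after:  $(describe "$ks")"   # PrivateKeyEntry|2|Demo Test CA
  rm -rf "$d"
)
```

Source the file and call renew_demo with a JDK on the PATH; the before and after lines show the same entry type with a different issuer and a longer chain.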