The methods below are examples of how to secure the Gespage user page.
You can do this yourself, or have our support team do it by sending them your certificate and the private key.
New procedure
Take the certificate as well as the intermediate certificate in .crt or .pem format.
Open them and check that the content of the intermediate certificate appears under the main certificate. The content should look like this:
On Linux, the file can be opened with the command below:
Check that the generated file has the same MD5 as the private key:
You will need to retrieve the file cacerts.jks located in one of the Gespage folders (Windows or Linux).
You can find it in the default folder:
C:\Program Files\GespageCore\server\config
Once you have retrieved it on your Linux workstation, copy Gespage's cacerts.jks into the current folder:
Import the bundle.crt into the cacerts.jks:
And validate the certificate.
Combine and convert the certificates and the private key into a .p12 file (PKCS#12 format):
Enter the following password: "changeit".
Import the .p12 into a keystore.jks
Finally, place the keystore.jks as well as the cacerts.jks in the Gespage config folder, then restart the application.
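The check from the procedure above that the certificate file and the private key belong together, as an added example (not Gespage's own commands). It compares SHA-256 digests of the public keys instead of MD5 and assumes PEM files and an unencrypted key; the function names and the sample file names are hypothetical.

```shell
#!/bin/sh
# Added example, not vendor code. Assumes PEM files and an unencrypted key.

# PEM public key of the FIRST certificate in file $1. openssl x509 reads only
# the first PEM block, so on a bundle this is the certificate at the top.
cert_pubkey() { openssl x509 -in "$1" -noout -pubkey 2>/dev/null; }

# PEM public key derived from the private key in file $1.
key_pubkey() { openssl pkey -in "$1" -pubout 2>/dev/null; }

# Hex SHA-256 of stdin (stands in for the MD5 comparison in the procedure).
digest() { openssl dgst -sha256 | awk '{print $NF}'; }

# Number of certificates in PEM file $1 (main certificate plus intermediates).
bundle_cert_count() { grep -c -e '-----BEGIN CERTIFICATE-----' "$1"; }

# Returns 0 on match, 1 on mismatch, 2 if either file cannot be parsed.
cert_matches_key() {
    cert_pub=$(cert_pubkey "$1") || return 2
    key_pub=$(key_pubkey "$2") || return 2
    [ -n "$cert_pub" ] && [ -n "$key_pub" ] || return 2
    cert_sum=$(printf '%s\n' "$cert_pub" | digest)
    key_sum=$(printf '%s\n' "$key_pub" | digest)
    echo "certificate: $cert_sum"
    echo "private key: $key_sum"
    [ "$cert_sum" = "$key_sum" ]
}

# Constructed sample input: a throwaway self-signed pair plus an unrelated
# pair standing in for the second PEM block, written to directory $1.
make_sample() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=demo.invalid" \
        -keyout "$1/server.key" -out "$1/server.crt" 2>/dev/null &&
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=other.invalid" \
        -keyout "$1/other.key" -out "$1/other.crt" 2>/dev/null &&
    cat "$1/server.crt" "$1/other.crt" > "$1/bundle.crt"
}

# Usage: sh check_pair.sh bundle.crt private.key  (no arguments: use the sample)
if [ "$#" -eq 2 ]; then
    cert_matches_key "$1" "$2"
else
    tmp=$(mktemp -d) && make_sample "$tmp" &&
        echo "bundle holds $(bundle_cert_count "$tmp/bundle.crt") certificates" &&
        cert_matches_key "$tmp/bundle.crt" "$tmp/server.key" && echo "match"
    rm -rf "$tmp"
fi
```

Because only the first certificate in the file is compared, a bundle with the intermediate certificate placed above the main certificate reports a mismatch.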
----------------------------------------------------------------------------------------------------------------------------------------
Old procedure
If we only have a pfx file, the following commands must be executed:
- openssl pkcs12 -in certname.pfx -nocerts -out key.pem -nodes
- openssl pkcs12 -in certname.pfx -nokeys -out cert.pem
- openssl rsa -in key.pem -out server.key
If we are provided with a certificate with the .p7b extension, containing the tag -----BEGIN PKCS7-----, convert it with:
openssl pkcs7 -in certificatname.p7b -print_certs -outform PEM -out certificatname.pem
The certificatname.pem file must then be split into certificates and intermediate certificates.
The SVD provides us with the private key, certificate and intermediate certificate in PEM format (readable format):
Private key: corep-printing.u-strasbg.key
Certificate: cert-4286-corep-printing.u-strasbg.pem
Intermediate certificate: chain-4286-corep-printing.u-strasbg.pem
The private key, certificate and intermediate certificate (if provided) must first be converted to DER format.
A keystore.jks containing the private key must then be generated with the Java program ImportKey.java:
If you already have a keystore because you created the CSR yourself, run the following command to insert the certificate into the keystore.jks (in general you have to use the s1as alias):
Import the intermediate certificate to the keystore.jks file:
The keystore file is generated as /root/keystore.jks. It must be copied to /usr/share/glassfishv3/glassfish/domains/domain1/config. GlassFish must be restarted for the change to take effect.
It is possible to convert a certificate from .CER to .PEM with openssl with the following command: