• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 618
  • Last Modified:

Expired SSL Certificate for Informer server

I can't seem to find any help anywhere. I believe I have an Apache sever running Informer 4.1. The certificate has expired without warning and the group that set this up is no longer available. The limited informer instructions I have keep saying "a Java Keystore (JKS) file built off the SSL certificate that is NOT A SELF SIGNED CERTIFICATE that matches that FQDN (Fully Qualified Domain Name), or a wildcard certificate for your domain for the server Informer is installed on. This Javakeystore file derived from the SSL certificate.
IT IS NOT THE KEYSTORE FILE ITSELF, many companies have made that assumption and it is a mistake. When you contact your SSL Certificate Authority from which you obtained your SSL Certificate for assistance and tell them you need assistance to create a JKS format and that it can’t be self-signed.

You will have to edit the 'informer.properties' file in the Informer install path on the Informer server. Usually it’s in the path 'c:\\Program Files\Entrinsik\Informer4' but this could be different for your installation.  
Near the bottom of this file, you will see the following lines:

I've been stumbling around for days trying to find out how to create a .jks file. The original developers have this entry in the file informer.ssl.keystore=C:\\Downloads\\OpenSSL\\bin\\keystore . There is a line in the instructions that specifically says not to do this and when I mentioned this to my Informer support, he indicated that this is incorrect.

What I finally tried was to generate a new key by using "openssl req -new -newkey rsa:2048 -nodes -keyout informer.{company}.com.key –out informer.{company}.com.csr –config openssl.cnf"

I sent that up to GoDaddy, created the CRT request,  and downloaded it using the format for Apache. Please note there is no way to download the .jks file. I've asked like 3 different representatives who have no idea what I'j

Now I don't know what to do with it. I looked around and there are some instructions that say you need to modify the httpd.config file. Did a search on the server and there isn't one. Do I need to import the 3 .crt files back in? If so how? And how do I create a .jks?

Any help with be greatly appreciated.
  • 4
  • 4
1 Solution
Ok so if I am reading you correctly you need to create a jks file all the other aspects of this work (adding the new cert to Apache is complete).
Then proceed to follow the steps outlined here:

Steps 1 - 3 should cover this for you.

You need to get a copy of the public key crt that you can open in a text editor:
should look like:

Also a pem file of the private key is required you should be able to do both with openssl commands as well.

If you want to extract private key from a pfx file and write it to PEM file
>>openssl.exe pkcs12 -in publicAndprivate.pfx -nocerts -out privateKey.pem
If you want to extract the certificate file (the signed public key) from the pfx file
>>openssl.exe pkcs12 -in publicAndprivate.pfx -clcerts -nokeys -out publicCert.pem
To remove the password from the private key file.
>> openssl.exe rsa -in privateKey.pem -out private.pem

Reprinted from:
paynsterAuthor Commented:
Thank you so much for posting. I'm not sure all aspects are complete.

I have generated the certificate  using the OpenSSL comand mentioned above, requested a certificate, and downloaded the new one from GoDaddy. However, I have not done anything with the two .crt files included in my download from GoDaddyincluding updating Apache.

I assumed that there was some OpenSSL command that I had to use to put them back in - similar to what I did to get them out. And then some command to make a .jks file for the informer.properties file.

Do I need to import these .crt files back in? I'm assuming I use your instructions to make the .jks but which .crt file do you use to do that?
Ok so first step:
You should be able to import the cert to the server you requested from, so you should go ahead and import the cert from Godaddy (Accept the response to the request)

Then export a p12 file with the keypair
(You should be able to get help exporting your new cert to pfx / pkcs12 from your cert provider or your informer support).

Here is a list of steps on how to export to various formats using openssl:

As for which files to use for the jks, if you follow the instructions on the link I gave you, you will see that you need to have 2 pem files.
One being the public key which you can export with the command:
openssl.exe pkcs12 -in publicAndprivate.pfx -clcerts -nokeys -out publicCert.pem

The next one being the private key which you get with the following command:
>>openssl.exe pkcs12 -in publicAndprivate.pfx -nocerts -out privateKey.pem

Once you have both of those you can create your jks.
Never miss a deadline with monday.com

The revolutionary project management tool is here!   Plan visually with a single glance and make sure your projects get done.

paynsterAuthor Commented:
Ok I'm sorry. I really not familiar this process at all. I have the certificated that I downloaded from GoDaddy but I have not installed it to Apache and I'm not clear how to do that.

I think once that is done, I can then use your  export a p12 file with the keypair instructions to generage a .jks file. Is that correct. Can you provide instructions on how to get the two. crt files back into Apache? Thanks.
paynsterAuthor Commented:

Yes, GoDaddy gave me these directions as well. The issue is that I can't find the httpd.conf or ssl.conf files mentioned below. Do you know where these files should be?

"Locate the following directives in either your httpd.conf or ssl.conf file (which files you use depends on how you configured Apache). If one or more of them are currently commented out, uncomment them by removing the # character from the beginning of the line. Set the values of these directives to the absolute path and filename of the appropriate file: •SSLCertificateFile /path/to/your/certificate/file
•SSLCertificateKeyFile /path/to/your/key/file
•SSLCertificateChainFile /path/to/intermediate/bundle/file"
I do not know your server config but possibly

/etc/apachexx/  might be a good place to look

You can just do a find to be sure where:
$ find / -name '*.conf'
paynsterAuthor Commented:
Thank you for your help. I'll give this all a try and if I'm still having issues, I'll repost my question.

Featured Post

Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

  • 4
  • 4
Tackle projects and never again get stuck behind a technical roadblock.
Join Now