paynster asked:

Expired SSL Certificate for Informer server

I can't seem to find any help anywhere. I believe I have an Apache server running Informer 4.1. The certificate has expired without warning and the group that set this up is no longer available. The limited Informer instructions I have keep saying "a Java Keystore (JKS) file built off the SSL certificate that is NOT A SELF SIGNED CERTIFICATE that matches that FQDN (Fully Qualified Domain Name), or a wildcard certificate for your domain for the server Informer is installed on. This Javakeystore file derived from the SSL certificate.
IT IS NOT THE KEYSTORE FILE ITSELF, many companies have made that assumption and it is a mistake. When you contact your SSL Certificate Authority from which you obtained your SSL Certificate for assistance and tell them you need assistance to create a JKS format and that it can’t be self-signed.

You will have to edit the 'informer.properties' file in the Informer install path on the Informer server. Usually it’s in the path 'c:\\Program Files\Entrinsik\Informer4' but this could be different for your installation.  
Near the bottom of this file, you will see the following lines:
informer.ssl.keystore=[Drive-Letter]:\\path\\to\\keystore\\file.jks
informer.ssl.password='{password}'"

I've been stumbling around for days trying to find out how to create a .jks file. The original developers have this entry in the file informer.ssl.keystore=C:\\Downloads\\OpenSSL\\bin\\keystore . There is a line in the instructions that specifically says not to do this and when I mentioned this to my Informer support, he indicated that this is incorrect.

What I finally tried was to generate a new key by using "openssl req -new -newkey rsa:2048 -nodes -keyout informer.{company}.com.key -out informer.{company}.com.csr -config openssl.cnf"

I sent that up to GoDaddy, created the CRT request,  and downloaded it using the format for Apache. Please note there is no way to download the .jks file. I've asked like 3 different representatives who have no idea what I'j

Now I don't know what to do with it. I looked around and there are some instructions that say you need to modify the httpd.config file. Did a search on the server and there isn't one. Do I need to import the 3 .crt files back in? If so how? And how do I create a .jks?

Any help will be greatly appreciated.
becraig

OK, so if I am reading you correctly, you need to create a jks file; all the other aspects of this work (adding the new cert to Apache) are complete.
Then proceed to follow the steps outlined here:
https://blogs.oracle.com/blogbypuneeth/entry/steps_to_create_a_jks

Steps 1 - 3 should cover this for you.

You need to get a copy of the public key crt that you can open in a text editor:
should look like:
-----BEGIN CERTIFICATE-----
MIIFMD................
..............NHQ7Xf
-----END CERTIFICATE-----

Also, a pem file of the private key is required. You should be able to do both with openssl commands as well.

If you want to extract private key from a pfx file and write it to PEM file
>>openssl.exe pkcs12 -in publicAndprivate.pfx -nocerts -out privateKey.pem
If you want to extract the certificate file (the signed public key) from the pfx file
>>openssl.exe pkcs12 -in publicAndprivate.pfx -clcerts -nokeys -out publicCert.pem
To remove the password from the private key file.
>> openssl.exe rsa -in privateKey.pem -out private.pem

Reprinted from:
http://sycure.wordpress.com/2008/05/15/tips-using-openssl-to-extract-private-key-pem-file-from-pfx-personal-information-exchange/
paynster (ASKER)

Thank you so much for posting. I'm not sure all aspects are complete.

I have generated the certificate using the OpenSSL command mentioned above, requested a certificate, and downloaded the new one from GoDaddy. However, I have not done anything with the two .crt files included in my download from GoDaddy, including updating Apache.

I assumed that there was some OpenSSL command that I had to use to put them back in - similar to what I did to get them out. And then some command to make a .jks file for the informer.properties file.

Do I need to import these .crt files back in? I'm assuming I use your instructions to make the .jks but which .crt file do you use to do that?
OK, so first step:
You should be able to import the cert to the server you requested from, so you should go ahead and import the cert from GoDaddy (accept the response to the request).

Then export a p12 file with the keypair
(You should be able to get help exporting your new cert to pfx / pkcs12 from your cert provider or your informer support).

Here is a list of steps on how to export to various formats using openssl:
https://twiki.cern.ch/twiki/bin/view/LinuxSupport/OpenSSLCheatsheet

As for which files to use for the jks, if you follow the instructions on the link I gave you, you will see that you need to have 2 pem files.
One being the public key which you can export with the command:
openssl.exe pkcs12 -in publicAndprivate.pfx -clcerts -nokeys -out publicCert.pem


The next one being the private key which you get with the following command:
>>openssl.exe pkcs12 -in publicAndprivate.pfx -nocerts -out privateKey.pem


Once you have both of those you can create your jks.
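
The conversion discussed above, as an added example that is not part of any post in this thread: starting from the private key written by `openssl req -keyout`, the signed server certificate and the CA's intermediate bundle, it checks that key and certificate belong together, builds a PKCS#12 file and converts it to a JKS with the JDK's `keytool`. File names, the alias `informer` and the `KS_PASS` variable are assumptions; the same `openssl` and `keytool` arguments apply from a Windows prompt.

```shell
#!/bin/sh
# Added example. File names, the alias "informer" and KS_PASS are placeholders.
# The keystore password is read from the KS_PASS environment variable so it
# does not appear on the command line.

# Succeed only if the certificate carries the public key of this private key.
# A new certificate paired with an old key is rejected here.
key_matches_cert() {            # $1 = private key (PEM), $2 = certificate (PEM)
    k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 2
    c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 2
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# Bundle key + server certificate + CA intermediate bundle into one PKCS#12 file.
make_p12() {                    # $1 key, $2 cert, $3 CA bundle, $4 output .p12
    key_matches_cert "$1" "$2" || { echo "key and certificate do not match" >&2; return 1; }
    openssl pkcs12 -export -inkey "$1" -in "$2" -certfile "$3" \
        -name informer -out "$4" -passout env:KS_PASS
}

# Convert the PKCS#12 file into a Java keystore with the JDK's keytool.
p12_to_jks() {                  # $1 input .p12, $2 output .jks
    keytool -importkeystore -noprompt \
        -srckeystore "$1" -srcstoretype PKCS12 -srcstorepass:env KS_PASS \
        -destkeystore "$2" -deststoretype JKS -deststorepass:env KS_PASS
}

# A usable server keystore lists a PrivateKeyEntry, not only trustedCertEntry.
jks_has_private_key() {         # $1 = .jks file
    keytool -list -keystore "$1" -storepass:env KS_PASS | grep -q PrivateKeyEntry
}

# Usage (placeholder file names):
#   export KS_PASS='<keystore password>'
#   make_p12 server.key server.crt ca-bundle.crt informer.p12
#   p12_to_jks informer.p12 informer.jks && jks_has_private_key informer.jks
```

With OpenSSL 3.x and an older Java runtime, the PKCS#12 file may need to be written with `openssl pkcs12 -export -legacy` before `keytool` can read it.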
OK, I'm sorry. I'm really not familiar with this process at all. I have the certificate that I downloaded from GoDaddy but I have not installed it to Apache and I'm not clear how to do that.

I think once that is done, I can then use your "export a p12 file with the keypair" instructions to generate a .jks file. Is that correct? Can you provide instructions on how to get the two .crt files back into Apache? Thanks.
Hi,

Yes, GoDaddy gave me these directions as well. The issue is that I can't find the httpd.conf or ssl.conf files mentioned below. Do you know where these files should be?

"Locate the following directives in either your httpd.conf or ssl.conf file (which files you use depends on how you configured Apache). If one or more of them are currently commented out, uncomment them by removing the # character from the beginning of the line. Set the values of these directives to the absolute path and filename of the appropriate file:
•SSLCertificateFile /path/to/your/certificate/file
•SSLCertificateKeyFile /path/to/your/key/file
•SSLCertificateChainFile /path/to/intermediate/bundle/file"
ASKER CERTIFIED SOLUTION
becraig

This solution is only available to members.
Thank you for your help. I'll give this all a try and if I'm still having issues, I'll repost my question.