Solved

Expired SSL Certificate for Informer server

Posted on 2014-02-28
Last Modified: 2014-03-06
I can't seem to find any help anywhere. I believe I have an Apache server running Informer 4.1. The certificate has expired without warning and the group that set this up is no longer available. The limited informer instructions I have keep saying "a Java Keystore (JKS) file built off the SSL certificate that is NOT A SELF SIGNED CERTIFICATE that matches that FQDN (Fully Qualified Domain Name), or a wildcard certificate for your domain for the server Informer is installed on. This Javakeystore file derived from the SSL certificate.
IT IS NOT THE KEYSTORE FILE ITSELF, many companies have made that assumption and it is a mistake. When you contact your SSL Certificate Authority from which you obtained your SSL Certificate for assistance and tell them you need assistance to create a JKS format and that it can’t be self-signed.

You will have to edit the 'informer.properties' file in the Informer install path on the Informer server. Usually it’s in the path 'c:\\Program Files\Entrinsik\Informer4' but this could be different for your installation.  
Near the bottom of this file, you will see the following lines:
informer.ssl.keystore=[Drive-Letter]:\\path\\to\\keystore\\file.jks
informer.ssl.password='{password}'"

I've been stumbling around for days trying to find out how to create a .jks file. The original developers have this entry in the file informer.ssl.keystore=C:\\Downloads\\OpenSSL\\bin\\keystore . There is a line in the instructions that specifically says not to do this and when I mentioned this to my Informer support, he indicated that this is incorrect.

What I finally tried was to generate a new key by using "openssl req -new -newkey rsa:2048 -nodes -keyout informer.{company}.com.key -out informer.{company}.com.csr -config openssl.cnf"

I sent that up to GoDaddy, created the CRT request,  and downloaded it using the format for Apache. Please note there is no way to download the .jks file. I've asked like 3 different representatives who have no idea what I'j

Now I don't know what to do with it. I looked around and there are some instructions that say you need to modify the httpd.config file. Did a search on the server and there isn't one. Do I need to import the 3 .crt files back in? If so how? And how do I create a .jks?

Any help will be greatly appreciated.
Question by:paynster
8 Comments
 
LVL 29

Expert Comment

by:becraig
ID: 39895724
Ok, so if I am reading you correctly, you need to create a jks file; all the other aspects of this work (adding the new cert to Apache) are complete.
Then proceed to follow the steps outlined here:
https://blogs.oracle.com/blogbypuneeth/entry/steps_to_create_a_jks

Steps 1 - 3 should cover this for you.

You need to get a copy of the public key crt that you can open in a text editor:
should look like:
-----BEGIN CERTIFICATE-----
MIIFMD................
..............NHQ7Xf
-----END CERTIFICATE-----

Also, a pem file of the private key is required; you should be able to do both with openssl commands as well.

If you want to extract private key from a pfx file and write it to PEM file
>>openssl.exe pkcs12 -in publicAndprivate.pfx -nocerts -out privateKey.pem
If you want to extract the certificate file (the signed public key) from the pfx file
>>openssl.exe pkcs12 -in publicAndprivate.pfx -clcerts -nokeys -out publicCert.pem
To remove the password from the private key file.
>> openssl.exe rsa -in privateKey.pem -out private.pem

Reprinted from:
http://sycure.wordpress.com/2008/05/15/tips-using-openssl-to-extract-private-key-pem-file-from-pfx-personal-information-exchange/
 

Author Comment

by:paynster
ID: 39895785
Thank you so much for posting. I'm not sure all aspects are complete.

I have generated the certificate using the OpenSSL command mentioned above, requested a certificate, and downloaded the new one from GoDaddy. However, I have not done anything with the two .crt files included in my download from GoDaddy, including updating Apache.

I assumed that there was some OpenSSL command that I had to use to put them back in - similar to what I did to get them out. And then some command to make a .jks file for the informer.properties file.

Do I need to import these .crt files back in? I'm assuming I use your instructions to make the .jks but which .crt file do you use to do that?
 
LVL 29

Expert Comment

by:becraig
ID: 39895877
Ok so first step:
You should be able to import the cert to the server you requested from, so you should go ahead and import the cert from GoDaddy (accept the response to the request).

Then export a p12 file with the keypair
(You should be able to get help exporting your new cert to pfx / pkcs12 from your cert provider or your informer support).

Here is a list of steps on how to export to various formats using openssl:
https://twiki.cern.ch/twiki/bin/view/LinuxSupport/OpenSSLCheatsheet

As for which files to use for the jks, if you follow the instructions on the link I gave you, you will see that you need to have 2 pem files.
One being the public key which you can export with the command:
openssl.exe pkcs12 -in publicAndprivate.pfx -clcerts -nokeys -out publicCert.pem


The next one being the private key which you get with the following command:
>>openssl.exe pkcs12 -in publicAndprivate.pfx -nocerts -out privateKey.pem


Once you have both of those you can create your jks.
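The export-then-convert route described in the answer above, written out as an added example (not part of the original thread and not the vendor's or the CA's instructions): it checks that the key matches the certificate and that the certificate is unexpired, builds the PKCS#12 file, then converts it to JKS. The file names, the `informer` alias and the `KS_PASS` environment variable are assumptions, and `keytool` is assumed to be the one shipped with the JDK on the server.

```shell
#!/usr/bin/env bash
# Added example. File names, the alias and the KS_PASS variable are assumptions.

# Succeed only if the private key and the certificate hold the same public key.
key_matches_cert() {  # key.pem cert.pem
  local k c
  k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
  c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
  [ -n "$k" ] && [ "$k" = "$c" ]
}

# Succeed if the certificate is still valid N days from now (default 0: not expired).
cert_valid_for_days() {  # cert.pem [days]
  openssl x509 -in "$1" -noout -checkend "$(( ${2:-0} * 86400 ))" >/dev/null
}

# Bundle key, server certificate and CA intermediates into a PKCS#12 file.
# The password comes from the exported KS_PASS variable, so it never appears in argv.
build_p12() {  # key.pem cert.pem chain.pem out.p12 alias
  key_matches_cert "$1" "$2" || { echo "key does not match certificate" >&2; return 1; }
  cert_valid_for_days "$2"   || { echo "certificate has expired" >&2; return 1; }
  openssl pkcs12 -export -inkey "$1" -in "$2" -certfile "$3" \
    -name "$5" -passout env:KS_PASS -out "$4"
}

# Convert the PKCS#12 file into a JKS keystore with the JDK's keytool.
# The key entry keeps the store password, so one password serves the whole keystore.
p12_to_jks() {  # in.p12 out.jks
  keytool -importkeystore -noprompt \
    -srckeystore "$1" -srcstoretype PKCS12 -srcstorepass:env KS_PASS \
    -destkeystore "$2" -deststoretype JKS -deststorepass:env KS_PASS
}

# Usage (hypothetical file names):
#   export KS_PASS='choose-a-password'
#   build_p12 informer.key informer.crt intermediate-bundle.crt informer.p12 informer
#   p12_to_jks informer.p12 informer.jks
#   keytool -list -keystore informer.jks -storepass:env KS_PASS
```

The resulting .jks path and the same password are what the `informer.ssl.keystore` and `informer.ssl.password` lines quoted in the question refer to.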

 

Author Comment

by:paynster
ID: 39896131
Ok, I'm sorry. I'm really not familiar with this process at all. I have the certificate that I downloaded from GoDaddy but I have not installed it to Apache and I'm not clear how to do that.

I think once that is done, I can then use your "export a p12 file with the keypair" instructions to generate a .jks file. Is that correct? Can you provide instructions on how to get the two .crt files back into Apache? Thanks.
 
LVL 29

Expert Comment

by:becraig
ID: 39896171
 

Author Comment

by:paynster
ID: 39896181
Hi,

Yes, GoDaddy gave me these directions as well. The issue is that I can't find the httpd.conf or ssl.conf files mentioned below. Do you know where these files should be?

"Locate the following directives in either your httpd.conf or ssl.conf file (which files you use depends on how you configured Apache). If one or more of them are currently commented out, uncomment them by removing the # character from the beginning of the line. Set the values of these directives to the absolute path and filename of the appropriate file:
• SSLCertificateFile /path/to/your/certificate/file
• SSLCertificateKeyFile /path/to/your/key/file
• SSLCertificateChainFile /path/to/intermediate/bundle/file"
 
LVL 29

Accepted Solution

by:
becraig earned 500 total points
ID: 39896194
I do not know your server config but possibly

/etc/apachexx/  might be a good place to look

You can just do a find to be sure where:
$ find / -name '*.conf'
 

Author Closing Comment

by:paynster
ID: 39910252
Thank you for your help. I'll give this all a try and if I'm still having issues, I'll repost my question.