Pretty easy.īut you are absolutely right that any certificate manager can be used for those who prefer a graphical UI. KEYSTORE EXPLORER CONVERT PFX TO JKS INSTALLAnd I just have to install the RootCA cert in a bowser's keychain once, not dozens of individual certificates for each host/service. By using a wildcard certificate with a subnet IP as SAN I can create and sign a single certificate for all local hostnames as well as for all local IPs of devices in my LAN, be it a router, a switch, a server or a service. So I convert the resulting certs into other formats also with openssl.įor systems in my LAN I do not buy certificates, but use self-signed certificates under my own Certificate Authority. I prefer the openssl method b/c of several reasons, the most important one is that for certificates signed by a public or a private CA I have to generate a CSR using openssl anyway. It's just the SDN Controller's web UI which does not allow uploading PKCS12. So, Omada SDN Controller does indeed accept PKCS12, which is no surprise because PKCS12 is supported by any JDK since JDK 8 released in 2014. Old ones will still be supported in the future by the JDKs, but new cryptographic algorithms might not be supported at all, so the conversion of SSL certs to PKCS12 is just a matter of time when new cryptographic algorithms are used for the certs.Īnyway, the method to install a PKCS12 cert by manually copying it to the keystore still works fine with SDN Controller. Why is it bad? Because JKS certificates are based on an old, proprietary format (outdated since 2014), that is not easily extensible to new cryptographic algorithms. Yes, as I wrote I didn't try uploading the cert through the web UI, but I checked: it indeed accepts only JKS format, which is bad. Thanks and hope that it's clear for everyone KEYSTORE EXPLORER CONVERT PFX TO JKS PASSWORDp12ĥ- file > save as - save it as a JKS file and enter the same password for the key pairĦ- lunch Omada and make sure that you delete the jetty.jks file.ħ- login to Omada comtroller then setting > Controller - then upload the JKS certificate we made and put the password then everything will be fine KEYSTORE EXPLORER CONVERT PFX TO JKS WINDOWSNote: windows CA creats PFX file, just rename the extention to. to fix it you have to go the Omada directory C:\Users\YOURNAME\Omada Controller\data\cer then you will find a file called jetty.jks delete this file a creat a new JKS certificate through KeyStore Explorer SoftwareĢ- tools > Generate key pair - RSA 4,096 - edit name - write down all information needed CN=(omada's FQDN)Ĥ- tools > import trusted certificate - you have to add the p12 file created by your CA So, If you upload a wrong certificate through the web interface, the web interface won't be lunched or working as I received an error message. String encoded = encoder.encode(key.First of all Omada ONLY supports JKS certificate files and no more files supported. Key key = keystore.getKey(alias, keyPassword) Keystore.load(new FileInputStream(keystoreFile), keyStorePassword) KeyStore keystore = KeyStore.getInstance(keyStoreType) īASE64Encoder encoder = new BASE64Encoder() I had to use the below Java class to get the key out. If anyone finds themselves here trying to get a private key out of a JCEKS type keystore, I found that the keytool and openssl instructions described in other answers did not work.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |