-
Title
How to Import a PKCS #12 (pfx) format certificate? -
Description
What are the steps to be followed to import a PKCS #12 (pfx) format certificate in Foglight? -
Cause
The steps outlined in the technical documentation (here) has been amended beginning in the 6.0.0 FMS cartridge.
Enhancement Request: FOG-1195
-
Resolution
NOTE: This certificate must be provided in the PKCS #12 (pfx) format. If the certificate and private key are saved in separate files, run the following command to merge them to the PKCS12 format:
openssl pkcs12 -export -in (certfile) -inkey (keyfile) -out (keystorefile) -name tomcat -CAfile (cacertfile) -caname root
To import a certificate in Tomcat:
1. Delete the existing tomcat certificate from the tomcat.keystore directory using the following command:
(foglight_home)\jre\bin\keytool -keystore tomcat.keystore -storepass nitrogen -alias tomcat -delete
2. Obtain the certificate’s alias name from the certificate PFX file using the following command:
(foglight_home)\jre\bin\keytool -keystore (your certificate pfx file) -storepass (certificate pfx password) -list -v
The following is an example of command output. The value of Alias name is required in step 3.
Your keystore contains 1 entry
Alias name: tq-294043e3-fd9d-42ee-a596-0217c7d6d5f8
Creation date: May 8, 2020
Entry type: PrivateKeyEntry
3. Merge the Tomcat keystore and the PKCS12 keystore using the following command:
(foglight_home)\jre\bin\keytool -importkeystore -destkeystore (foglight_home)\config\tomcat.keystore -deststorepass nitrogen -destalias tomcat -destkeypass nitrogen -srckeystore (your certificate pfx file) -srcstorepass (certificate pfx password) -srcstoretype pkcs12 -srcalias (alias name in step 2)
-
Defect ID
FOG-1195 -
Additional Information
Note: Please replace the values within the "( )" in the above commands