Certificados TLS: Difference between revisions
(9 intermediate revisions by the same user not shown) | |||
Line 37: | Line 37: | ||
ikeycmd -cert -setdefault -db "key.kdb" -label "mydefaultcertificate" -pw changeit | ikeycmd -cert -setdefault -db "key.kdb" -label "mydefaultcertificate" -pw changeit | ||
To create a new certificate request | |||
ikeycmd -certreq -create -db gui-truststore.jks -pw password -size 2048 \ | |||
-sig_alg SHA256WithRSA -dn "CN=srv.company.com" -file certreq.csr -label label \ | |||
-san_dnsname srv1.company.com,srv2.company.com \ | |||
-san_ipaddr 192.168.2.1,192.168.2.2 | |||
To receive the signed certificate by using the iKeycmd command, issue the following command: | |||
ikeycmd -cert -receive -db gui-truststore.jks -pw password -format format -file certificate_file | |||
To create a self signed certificate | |||
ikeycmd -cert -create -db keyselfsigned.jks -pw 1234 -label mysigner -dn "CN=srv.company.com" -size 2048 -expire 3650 -ca true | |||
* [[WLP: Adicionando um certificado TLS como confiável na Liberty trust store]] | * [[WLP: Adicionando um certificado TLS como confiável na Liberty trust store]] | ||
= Keytool Cheat Sheet = | = Keytool Cheat Sheet = | ||
List certificates | |||
keytool -v -list -keystore <JAVA_HOME>/lib/security/cacerts -storepass changeit | |||
Add a client certificate to keystore | Add a client certificate to keystore | ||
keytool -import -alias | keytool -import -alias cert-interno -file /<TEMP_DIR>/certificadoInterno.der \ | ||
-keystore <JAVA_HOME>/lib/security/cacerts -storetype jceks \ | -keystore <JAVA_HOME>/lib/security/cacerts -storetype jceks \ | ||
-storepass changeit -noprompt | -storepass changeit -noprompt | ||
Remove certificate from keystore | |||
keytool -delete -noprompt -alias <ALIAS> -keystore JAVA_HOME>/lib/security/cacerts -storepass changeit | |||
* [[Java: Importando Certificados SSL para a Java Virtual Machine (JVM)]] | * [[Java: Importando Certificados SSL para a Java Virtual Machine (JVM)]] | ||
* [[Keytool: Importando chave TLS do servidor LDAP]] | |||
* [[Keytool: Importando uma chave da Let's Encrypt]] | |||
* [[Sametime: Importando Certificados SSL para o cacerts]] | * [[Sametime: Importando Certificados SSL para o cacerts]] |
Latest revision as of 18:30, 27 December 2023
OpenSSL Cheat Sheet
Criando as chaves ssl
openssl req -x509 -nodes -days 3650 -newkey rsa:2048 -keyout nginx.key -out nginx.crt \ -subj "/C=BR/ST=DF/L=Brasilia/O=Company/OU=TI/CN=$(hostname).company.com.br"
Importando um Certificado
Download do certificado
openssl s_client -connect <HOST:PORT> </dev/null | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > <FILENAME.cer>
Importando via ikeycmd
ikeycmd -cert -add -db "key.jks" -file "FILENAME.cer" -pw <PASSWORD> -label <LABEL_CERTIFICADO> > /dev/null
iKeyCmd Cheat Sheet
List certificates
ikeycmd -cert -list personal -db "key.kdb" -pw changeit ikeycmd -cert -list ca -db "key.kdb" -pw changeit
Add a client certificate to keystore
ikeycmd -cert -add -db "key.kdb" -label <MYCERTLABEL> -file <FILENAME.crt> -format ascii -pw changeit
Remove certificate from keystore (using stashed password)
ikeycmd -cert -delete -label <MYCERTLABEL> -db "key.kdb" -stashed
Set default certificate
ikeycmd -cert -setdefault -db "key.kdb" -label "mydefaultcertificate" -pw changeit
To create a new certificate request
ikeycmd -certreq -create -db gui-truststore.jks -pw password -size 2048 \ -sig_alg SHA256WithRSA -dn "CN=srv.company.com" -file certreq.csr -label label \ -san_dnsname srv1.company.com,srv2.company.com \ -san_ipaddr 192.168.2.1,192.168.2.2
To receive the signed certificate by using the iKeycmd command, issue the following command:
ikeycmd -cert -receive -db gui-truststore.jks -pw password -format format -file certificate_file
To create a self signed certificate
ikeycmd -cert -create -db keyselfsigned.jks -pw 1234 -label mysigner -dn "CN=srv.company.com" -size 2048 -expire 3650 -ca true
Keytool Cheat Sheet
List certificates
keytool -v -list -keystore <JAVA_HOME>/lib/security/cacerts -storepass changeit
Add a client certificate to keystore
keytool -import -alias cert-interno -file /<TEMP_DIR>/certificadoInterno.der \ -keystore <JAVA_HOME>/lib/security/cacerts -storetype jceks \ -storepass changeit -noprompt
Remove certificate from keystore
keytool -delete -noprompt -alias <ALIAS> -keystore JAVA_HOME>/lib/security/cacerts -storepass changeit