IBM Sterling Connect:Direct: Replacing the C:D TLS key
Replacing the Connect:Direct SSL key
Let's create a 2024/2025 key as an example:
keytool -genkeypair -alias cdnode01_24_25 -keyalg RSA -keysize 2048 -validity 10 -keystore cdkeystore.p12 -storetype PKCS12 \
  -sigalg SHA384withRSA -dname "CN=cdnode01.ebasso.net, O=EbassoNet, ST=Goias, C=BR"
Enter keystore password:
Re-enter new password:
Generating 2,048 bit RSA key pair and self-signed certificate (SHA384withRSA) with a validity of 10 days
        for: CN=cdnode01.ebasso.net, O=EbassoNet, ST=Goias, C=BR
Generating the new 2025/2026 key
keytool -genkeypair -alias cdnode01_25_26 -keyalg RSA -keysize 2048 -validity 365 -keystore cdkeystore.p12 -storetype PKCS12 \
  -sigalg SHA384withRSA -dname "CN=cdnode01.ebasso.net, O=EbassoNet, ST=Goias, C=BR" \
  -ext san=dns:cdnode01.ebasso.net,dns:www.cdnode01.ebasso.net
Enter keystore password:
Generating 2,048 bit RSA key pair and self-signed certificate (SHA384withRSA) with a validity of 365 days
        for: CN=cdnode01.ebasso.net, O=EbassoNet, ST=Goias, C=BR
Exporting the CSR
keytool -certreq -alias cdnode01_25_26 -keystore cdkeystore.p12 -file cdnode01_25_26.csr -storetype PKCS12 \
  -ext san=dns:cdnode01.ebasso.net,dns:www.cdnode01.ebasso.net
Enter keystore password:
Creating our CA
openssl genpkey -algorithm RSA -out ca-key.pem -aes256 -pass pass:MinhaSenhaForte -pkeyopt rsa_keygen_bits:4096
......+..+...+....+++++++++++++++++++++++++++++++++++++++++++++*..
....+........+.........+.......+...+..+....+..+....+......+..+....
openssl req -x509 -new -nodes -key ca-key.pem -sha384 -days 3650 -out ca-cert.pem -passin pass:MinhaSenhaForte \
  -subj "/C=BR/ST=Goias/O=ebasso.net/CN=Minha CA"
Create the san.ext file
authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, keyEncipherment
extendedKeyUsage = serverAuth
subjectAltName = @alt_names
[alt_names]
DNS.1 = cdnode01.ebasso.net
DNS.2 = www.cdnode01.ebasso.net
Signing the CSR
openssl x509 -req -in cdnode01_25_26.csr -CA ca-cert.pem -CAkey ca-key.pem -CAcreateserial -out cdnode01_25_26.crt \
  -days 365 -sha384 -passin pass:MinhaSenhaForte -extfile san.ext
Certificate request self-signature ok
subject=C=BR, ST=Goias, O=EbassoNet, CN=cdnode01.ebasso.net
Importing our CA
keytool -import -keystore cdkeystore.p12 -storetype PKCS12 -file ca-cert.pem -alias minha-ca -noprompt
Enter keystore password:
Certificate was added to keystore
Importing our key
keytool -import -trustcacerts -alias cdnode01_25_26 -keystore cdkeystore.p12 -file cdnode01_25_26.crt -storetype PKCS12 -noprompt \
  -ext san=dns:cdnode01.ebasso.net,dns:www.cdnode01.ebasso.net
Enter keystore password:
Certificate reply was installed in keystore
Listing our keys
keytool -list -keystore cdkeystore.p12 -storetype PKCS12 -v
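
A check to run on the signed certificate before the import step, as an added example that is not part of the original page. The function names are hypothetical; the file names and host come from the commands above, and the 30-day minimum is an assumed threshold.

```shell
#!/bin/sh
# Added example (not from the original page): checks on the CA reply before
# "keytool -import". Function names are hypothetical; only openssl is used.

# CSR and certificate carry the same public key, so the reply fits the keystore entry.
pubkey_match() {
    csr_key=$(openssl req -in "$1" -noout -pubkey 2>/dev/null) || return 1
    crt_key=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$csr_key" ] && [ "$csr_key" = "$crt_key" ]
}

# Certificate ($2) verifies against the CA certificate ($1) imported as minha-ca.
chains_to_ca() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# Host ($2) is a DNS entry in subjectAltName; a CN-only match is not accepted.
has_san() {
    openssl x509 -in "$1" -noout -text 2>/dev/null |
        grep -A1 'Subject Alternative Name' | tr ',' '\n' |
        sed 's/^ *//' | grep -qxF "DNS:$2"
}

# Certificate ($1) is still valid $2 days from now (catches a short -validity).
valid_for_days() {
    openssl x509 -in "$1" -noout -checkend $(( $2 * 86400 )) >/dev/null 2>&1
}

# check_reply CSR CERT CA HOST MIN_DAYS: prints each failed check, returns their count.
check_reply() {
    fails=0
    pubkey_match "$1" "$2"   || { echo "FAIL: public key differs from CSR"; fails=$((fails+1)); }
    chains_to_ca "$3" "$2"   || { echo "FAIL: not signed by $3"; fails=$((fails+1)); }
    has_san "$2" "$4"        || { echo "FAIL: $4 missing from SAN"; fails=$((fails+1)); }
    valid_for_days "$2" "$5" || { echo "FAIL: expires within $5 days"; fails=$((fails+1)); }
    return "$fails"
}

# Runs only when the files from the steps above are in the current directory.
if [ -f cdnode01_25_26.crt ]; then
    check_reply cdnode01_25_26.csr cdnode01_25_26.crt ca-cert.pem \
        cdnode01.ebasso.net 30 && echo "OK to import"
fi
```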