Creating the service keystore

Creating the service keystore - 7.1

Talend ESB Infrastructure Services Configuration Guide

Version

7.1

Language

English (United States)

Product

Talend Data Fabric

Talend Data Services Platform

Talend ESB

Talend MDM Platform

Talend Open Studio for ESB

Talend Real-Time Big Data Platform

Module

Talend ESB

Talend Runtime

Content

Design and Development

Installation and Upgrade

Note: given the rm commands below, it is probably best to create a new directory and navigate to it before running these commands from a terminal window.

rm *.p12 *.pem *.jks *.cer
openssl req -x509 -days 3650 -newkey rsa:1024 -keyout servicekey.pem -out
    servicecert.pem -passout pass:<PW-Sk>

When running this openssl command, enter any geographic and company information desired, the key password in passout, and a common name of your choice (perhaps servicecn for the service and clientcn for the client).

openssl pkcs12 -export -inkey servicekey.pem -in servicecert.pem -out 
   service.p12 -name myservicekey -passin pass:<PW-Sk> -passout 
   pass:<PW-Sk>

This creates a pkcs12 certificate. Note the <PW-Sk> value will be used both for the keystore and the private key itself.

keytool -importkeystore -destkeystore servicestore.jks -deststorepass
   <PW-Sk> -deststoretype jks -srckeystore service.p12 -srcstorepass
   <PW-Sk> -srcstoretype pkcs12 # See Note 3

This places the certificate in a new JKS keystore. The keystore's password is changed here to <PW-Sk>, but the private key's password retains the earlier value of <PW-Sk>.

keytool -list -keystore servicestore.jks -storepass <PW-Sk> -v

The list command is just to show the keys presently in the keystore.

keytool -exportcert -alias myservicekey -storepass <PW-Sk> -keystore 
   servicestore.jks -file service.cer
keytool -printcert -file service.cer
rm *.pem *.p12