Creating the service keystore - 7.1

Talend ESB Infrastructure Services Configuration Guide

EnrichVersion
7.1
EnrichProdName
Talend Data Fabric
Talend Data Services Platform
Talend ESB
Talend MDM Platform
Talend Open Studio for ESB
Talend Real-Time Big Data Platform
EnrichPlatform
Talend ESB
Talend Runtime
task
Design and Development
Installation and Upgrade

Note: given the rm commands below, it is probably best to create a new directory and navigate to it before running these commands from a terminal window.

rm *.p12 *.pem *.jks *.cer
openssl req -x509 -days 3650 -newkey rsa:1024 -keyout servicekey.pem -out
    servicecert.pem -passout pass:<PW-Sk>

When running this openssl command, enter any geographic and company information desired, the key password in passout, and a common name of your choice (perhaps servicecn for the service and clientcn for the client).

openssl pkcs12 -export -inkey servicekey.pem -in servicecert.pem -out 
   service.p12 -name myservicekey -passin pass:<PW-Sk> -passout 
   pass:<PW-Sk>

This creates a pkcs12 certificate. Note the <PW-Sk> value will be used both for the keystore and the private key itself.

keytool -importkeystore -destkeystore servicestore.jks -deststorepass
   <PW-Sk> -deststoretype jks -srckeystore service.p12 -srcstorepass
   <PW-Sk> -srcstoretype pkcs12 # See Note 3

This places the certificate in a new JKS keystore. The keystore's password is changed here to <PW-Sk>, but the private key's password retains the earlier value of <PW-Sk>.

keytool -list -keystore servicestore.jks -storepass <PW-Sk> -v

The list command is just to show the keys presently in the keystore.

keytool -exportcert -alias myservicekey -storepass <PW-Sk> -keystore 
   servicestore.jks -file service.cer
keytool -printcert -file service.cer
rm *.pem *.p12