Creating the service keystore - 7.1

Talend ESB Infrastructure Services Configuration Guide

Version: 7.1
Language: English (United States)
Product: Talend Data Fabric, Talend Data Services Platform, Talend ESB, Talend MDM Platform, Talend Open Studio for ESB, Talend Real-Time Big Data Platform
Module: Talend ESB, Talend Runtime
Content: Design and Development, Installation and Upgrade

Note: given the rm commands below, it is probably best to create a new directory and navigate to it before running these commands from a terminal window.

rm *.p12 *.pem *.jks *.cer
openssl req -x509 -days 3650 -newkey rsa:1024 -keyout servicekey.pem \
    -out servicecert.pem -passout pass:<PW-Sk>

When running this openssl command, enter any geographic and company information desired and a common name of your choice (perhaps servicecn for the service and clientcn for the client). The key password is the value given in -passout.

openssl pkcs12 -export -inkey servicekey.pem -in servicecert.pem \
    -out service.p12 -name myservicekey -passin pass:<PW-Sk> \
    -passout pass:<PW-Sk>

This creates a PKCS12 file, service.p12, that holds the private key and the certificate. Note that the <PW-Sk> value is used both for the keystore and for the private key itself.

keytool -importkeystore -destkeystore servicestore.jks \
    -deststorepass <PW-Sk> -deststoretype jks -srckeystore service.p12 \
    -srcstorepass <PW-Sk> -srcstoretype pkcs12 # See Note 3

This places the key and certificate in a new JKS keystore. The keystore's password is set here to <PW-Sk>, while the private key's password retains the earlier value of <PW-Sk>.

keytool -list -keystore servicestore.jks -storepass <PW-Sk> -v

The list command is just to show the keys presently in the keystore.

keytool -exportcert -alias myservicekey -storepass <PW-Sk> \
    -keystore servicestore.jks -file service.cer
keytool -printcert -file service.cer
rm *.pem *.p12
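
The same procedure as a script, added here as an example (it is not part of the Talend guide): it works in a newly created directory, passes the password through an environment variable using openssl's env: source and keytool's :env modifier instead of the command line, and checks that the certificate fingerprint survives each conversion. The function names, the PW_SK variable, the -subj value and the use of rsa:2048 rather than the guide's rsa:1024 are assumptions of this example.

```shell
#!/bin/sh
# Added example, not Talend's script. Assumptions: PW_SK is exported and is at
# least 6 characters (keytool's minimum); the function names are hypothetical.
# Usage: make_service_p12 ./svc servicecn && import_to_jks ./svc

# SHA-256 fingerprint of a certificate file; $2 is PEM (default) or DER.
cert_fp() {
    openssl x509 -in "$1" -inform "${2:-PEM}" -noout -fingerprint -sha256
}

# Key and self-signed certificate, then the PKCS12 bundle.
# $1 = directory to create (must not exist), $2 = common name.
make_service_p12() {
    [ -n "${PW_SK:-}" ] || { echo "export PW_SK first" >&2; return 1; }
    [ ! -e "$1" ] || { echo "$1 already exists" >&2; return 1; }
    ( umask 077 && mkdir -p "$1" && cd "$1" &&
      openssl req -x509 -days 3650 -newkey rsa:2048 \
          -subj "/CN=${2:-servicecn}" -keyout servicekey.pem \
          -out servicecert.pem -passout env:PW_SK &&
      openssl pkcs12 -export -inkey servicekey.pem -in servicecert.pem \
          -out service.p12 -name myservicekey \
          -passin env:PW_SK -passout env:PW_SK &&
      # The certificate inside the bundle must be the one just generated.
      [ "$(openssl pkcs12 -in service.p12 -nokeys -passin env:PW_SK \
             2>/dev/null | openssl x509 -noout -fingerprint -sha256)" \
        = "$(cert_fp servicecert.pem)" ] )
}

# Import into JKS, export the certificate, verify it, then clean up.
# $1 = directory produced by make_service_p12.
import_to_jks() {
    ( cd "$1" &&
      keytool -importkeystore -noprompt -destkeystore servicestore.jks \
          -deststoretype jks -deststorepass:env PW_SK \
          -srckeystore service.p12 -srcstoretype pkcs12 \
          -srcstorepass:env PW_SK &&
      keytool -exportcert -alias myservicekey -storepass:env PW_SK \
          -keystore servicestore.jks -file service.cer &&
      # keytool writes DER by default; compare against the original PEM.
      [ "$(cert_fp service.cer DER)" = "$(cert_fp servicecert.pem)" ] &&
      rm servicekey.pem servicecert.pem service.p12 )
}
```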