Creating the service keystore - 7.1

Talend ESB STS User Guide

author
Talend Documentation Team
EnrichVersion
7.1
EnrichProdName
Talend Data Fabric
Talend Data Services Platform
Talend ESB
Talend MDM Platform
Talend Open Studio for ESB
Talend Real-Time Big Data Platform
task
Design and Development
Installation and Upgrade
EnrichPlatform
Talend ESB
Talend Runtime

Note: given the rm commands below, it is probably best to create a new directory and navigate to it before running these commands from a terminal window.

rm *.p12 *.pem *.jks *.cer
openssl req -x509 -days 3650 -newkey rsa:1024 -keyout servicekey.pem -out
    servicecert.pem -passout pass:<PW-Sk>

When running this openssl command, enter any geographic and company information desired, the key password in passout, and a common name of your choice (perhaps servicecn for the service and clientcn for the client).

openssl pkcs12 -export -inkey servicekey.pem -in servicecert.pem -out 
   service.p12 -name myservicekey -passin pass:<PW-Sk> -passout 
   pass:<PW-Sk>

This creates a pkcs12 certificate. Note the <PW-Sk> value will be used both for the keystore and the private key itself.

keytool -importkeystore -destkeystore servicestore.jks -deststorepass
   <PW-Sk> -deststoretype jks -srckeystore service.p12 -srcstorepass
   <PW-Sk> -srcstoretype pkcs12 # See Note 3

This places the certificate in a new JKS keystore. The keystore's password is changed here to <PW-Sk>, but the private key's password retains the earlier value of <PW-Sk>. Also note we're using Java 6 instead of Java 5 keytool commands (see changes between the two.)

keytool -list -keystore servicestore.jks -storepass <PW-Sk> -v

The list command is just to show the keys presently in the keystore.

keytool -exportcert -alias myservicekey -storepass <PW-Sk> -keystore 
   servicestore.jks -file service.cer
keytool -printcert -file service.cer
rm *.pem *.p12