Creating the service keystore - 8.0

Talend ESB STS User Guide


Note: given the rm commands below, it is probably best to create a new directory and navigate to it before running these commands from a terminal window.

rm *.p12 *.pem *.jks *.cer
openssl req -x509 -days 36525 -newkey rsa:2048 -sha256 -keyout servicekey.pem \
    -out servicecert.pem -passout pass:sspass
This command is interactive. Enter the answers for the following questions, for example:
Country Name - US
State or Province Name - New York
Locality Name - Buffalo
Organization Name - Sample Web Service Provider -- NOT FOR PRODUCTION
Organizational Unit Name - IT Department
Common Name - www.service.com
Email Address - service@service.com
openssl pkcs12 -export -inkey servicekey.pem -in servicecert.pem \
    -out service.p12 -name myservicekey -passin pass:sspass \
    -passout pass:skpass

This creates a PKCS#12 file, service.p12, holding the private key and its certificate. Note that the skpass value is used for both the keystore and the private key itself.

keytool -importkeystore -destkeystore servicestore.jks -deststoretype jks \
    -deststorepass sspass -srckeystore service.p12 -srcstorepass skpass \
    -srcstoretype pkcs12

This places the certificate in a new JKS keystore. The keystore's password is changed here to sspass, but the private key's password retains the earlier value of skpass.

keytool -list -keystore servicestore.jks -storepass sspass -v

The list command is just to show the keys presently in the keystore.

keytool -exportcert -alias myservicekey -storepass sspass -keystore \
    servicestore.jks -file service.cer
keytool -printcert -file service.cer
rm *.pem *.p12
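
The last step deletes the PEM and PKCS#12 intermediates, so it is worth confirming first that the exported service.cer is the certificate that was generated. The following is an added example, not part of the Talend guide: the function names are hypothetical, it assumes the openssl command-line tool is on the PATH, and it uses -subj to supply the page's sample answers instead of the interactive prompts.

```shell
#!/bin/sh
# Added example: function names are hypothetical; file names, passwords and
# subject values are the sample values from the procedure above.

# Non-interactive form of the "openssl req" step: -subj supplies the answers
# that the interactive prompts would otherwise ask for.
make_service_cert() {
    openssl req -x509 -days 36525 -newkey rsa:2048 -sha256 \
        -keyout servicekey.pem -out servicecert.pem -passout pass:sspass \
        -subj "/C=US/ST=New York/L=Buffalo/O=Sample Web Service Provider -- NOT FOR PRODUCTION/OU=IT Department/CN=www.service.com/emailAddress=service@service.com" \
        2>/dev/null
}

# SHA-256 fingerprint of a certificate file. keytool -exportcert writes DER
# unless -rfc is given, so try PEM first and fall back to DER.
cert_fp() {
    { openssl x509 -in "$1" -noout -fingerprint -sha256 2>/dev/null ||
      openssl x509 -inform DER -in "$1" -noout -fingerprint -sha256 2>/dev/null
    } | cut -d= -f2
}

# True only when both files can be read and hold the same certificate.
same_cert() {
    fp_a=$(cert_fp "$1")
    fp_b=$(cert_fp "$2")
    [ -n "$fp_a" ] && [ "$fp_a" = "$fp_b" ]
}

# Guarded form of the final "rm *.pem *.p12": the intermediates are deleted
# only after service.cer is confirmed to match the generated certificate.
cleanup_if_verified() {
    if same_cert servicecert.pem service.cer; then
        rm -f servicekey.pem servicecert.pem service.p12
    else
        echo "service.cer does not match servicecert.pem; keeping intermediates" >&2
        return 1
    fi
}
```

Source the file in the working directory, then call make_service_cert in place of the interactive openssl req step and cleanup_if_verified in place of the final rm.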