Versions Compared

...

Removed version:

Code Block
# View all certificates
keytool -list \
        -storepass changeit \
        -keystore /usr/local/ubisecure/ubilogin-sso/ubilogin/custom/tomcat/keystore.pfx

Result before the import

Code Block
Keystore type: PKCS12
Keystore provider: SUN

Your keystore contains 1 entry

tomcat, Aug 28, 2023, PrivateKeyEntry, 
Certificate fingerprint (SHA-256): FF:BC:BE:57:69:2C:F0:35:06:8D:2D:F8:F3:42:D7:02:5F:1B:0D:47:29:1B:34:4D:FF:B5:DB:0F:1C:3B:4A:0A

Added version:

Code Block
# View all certificates
keytool -list \
        -storepass changeit \
        -keystore $JAVA_HOME/lib/security/cacerts \
          | grep -i openldap

Result before the import

Code Block
Warning: use -cacerts option to access cacerts keystore

Export the newly generated certificate to SSO tomcat

Removed version:

Code Block
# Export serverkey
keytool -import \
        -trustcacerts \
        -keystore /usr/local/ubisecure/ubilogin-sso/ubilogin/custom/tomcat/keystore.pfx \
        -storepass changeit \
        -noprompt \
        -alias 1-ubilogin-directory \
        -file ~/ssl/servercert.pem

Added version:

Code Block
# Export serverkey
keytool -importcert \
        -trustcacerts \
        -alias openldap-trusted \
        -keystore $JAVA_HOME/lib/security/cacerts \
        -noprompt \
        -storepass changeit \
        -file ~/ssl/servercert.pem

Check the keystore after the import (note: make sure that the trusted self-signed certificate is in the topmost position).

Removed version:

Code Block
# View all certificates
keytool -list \
        -storepass changeit \
        -keystore /usr/local/ubisecure/ubilogin-sso/ubilogin/custom/tomcat/keystore.pfx

Result after the import

Code Block
Keystore type: PKCS12
Keystore provider: SUN

Your keystore contains 2 entries

1-ubilogin-directory, Aug 28, 2023, trustedCertEntry, 
Certificate fingerprint (SHA-256): B9:08:F3:95:D7:4D:FD:ED:F7:E2:FC:8F:DE:81:B5:74:EE:2B:5F:2F:3C:96:9B:81:B8:06:3C:1E:3E:F0:89:0C
tomcat, Aug 28, 2023, PrivateKeyEntry, 
Certificate fingerprint (SHA-256): FF:BC:BE:57:69:2C:F0:35:06:8D:2D:F8:F3:42:D7:02:5F:1B:0D:47:29:1B:34:4D:FF:B5:DB:0F:1C:3B:4A:0A

Added version:

Code Block
# View all certificates
keytool -list \
        -storepass changeit \
        -keystore $JAVA_HOME/lib/security/cacerts \
          | grep -i openldap

Result after the import

Code Block
Warning: use -cacerts option to access cacerts keystore
openldap-trusted, Aug 29, 2023, trustedCertEntry,
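
The `grep -i openldap` check shows only the alias line, not which certificate sits behind it. As an added example (not part of the original page), the script below pulls the SHA-256 fingerprint for an alias out of `keytool -list` output so it can be compared with the PEM file that was imported; the function names are illustrative, and the sample listing is the two-entry keystore.pfx output from this page.

```shell
#!/bin/sh
# Added example, not from the original page. Function names are illustrative.

# Print the SHA-256 fingerprint that `keytool -list` (read on stdin) reports for
# one alias. Matching is case-insensitive, like the page's `grep -i`.
alias_fingerprint() {
    awk -v want="$1" '
        BEGIN { want = tolower(want) }
        # Entry line: "<alias>, <date>, <entry type>,"
        /, (trustedCertEntry|PrivateKeyEntry|SecretKeyEntry), *$/ {
            split($0, f, ", "); current = tolower(f[1]); next
        }
        # The fingerprint line belongs to the entry line directly above it.
        current == want && /^Certificate fingerprint \(SHA-256\): / {
            print $NF; exit
        }'
}

# Normalise a fingerprint: drop colons and whitespace, upper-case the hex.
normalize_fp() { printf '%s' "$1" | tr -d ': \n' | tr 'a-f' 'A-F'; }

# usage: keytool -list ... | verify_alias ALIAS EXPECTED_FINGERPRINT
# Succeeds only if the alias exists and its fingerprint equals the expected one.
verify_alias() {
    got=$(alias_fingerprint "$1")
    [ -n "$got" ] && [ "$(normalize_fp "$got")" = "$(normalize_fp "$2")" ]
}

# Sample input: the two-entry listing shown on this page.
SAMPLE=$(cat <<'EOF'
Keystore type: PKCS12
Keystore provider: SUN

Your keystore contains 2 entries

1-ubilogin-directory, Aug 28, 2023, trustedCertEntry,
Certificate fingerprint (SHA-256): B9:08:F3:95:D7:4D:FD:ED:F7:E2:FC:8F:DE:81:B5:74:EE:2B:5F:2F:3C:96:9B:81:B8:06:3C:1E:3E:F0:89:0C
tomcat, Aug 28, 2023, PrivateKeyEntry,
Certificate fingerprint (SHA-256): FF:BC:BE:57:69:2C:F0:35:06:8D:2D:F8:F3:42:D7:02:5F:1B:0D:47:29:1B:34:4D:FF:B5:DB:0F:1C:3B:4A:0A
EOF
)

# Live use (assumes openssl is installed; alias and paths are the page's):
#   want=$(openssl x509 -in ~/ssl/servercert.pem -noout -fingerprint -sha256 | cut -d= -f2)
#   keytool -list -storepass changeit -keystore "$JAVA_HOME/lib/security/cacerts" \
#       | verify_alias openldap-trusted "$want" && echo "trust anchor matches file"
```

A non-zero exit from `verify_alias` means the alias is missing or the stored certificate is not the one in the file.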

Change ownership for generated files

...