Generate an LDAP client certificate for mutual authentication using OpenSSL. The
final output is a PKCS#12 certificate stored within a Java keystore.
Before you begin
Role required: admin
About this task
See the OpenSSL documentation for more information about generating
certificates. These steps assume you have access to OpenSSL.
Enter these commands in a command line interface.
Procedure
- Generate a self-signed client certificate.
  For example, this command creates the client certificate test1-cert.crt based
  on the test1-key.key private key:
    openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout test1-key.key -out test1-cert.crt
- Convert both the certificate file and the private key to PKCS#12 (a file with a
  .pfx or .p12 extension).
  For example, this command converts the client certificate and private key
  to a PKCS#12 certificate called test1-certificate.pfx:
    openssl pkcs12 -export -out test1-certificate.pfx -inkey test1-key.key -in test1-cert.crt
- Generate the Java keystore and import the PKCS#12 file into it.
  For example, this command imports the certificate into the test1.jks Java
  keystore:
    keytool -importkeystore -srckeystore test1-certificate.pfx -srcstoretype PKCS12 -destkeystore test1.jks
- Upload the keystore file (test1.jks) to the instance.
Note: If you are uploading to an on-premise instance using a certificate with
the .jks extension and you receive the error "No valid certificate found to
process the application upload", use the certificate with the .pfx extension
instead.
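The three steps above as one added shell script (not from the original documentation), with a pre-upload check that the exported .pfx opens with its password and that its private key matches the certificate; the client name, validity period and the CLIENT_CERT_PASS variable are assumptions constructed for this example.

```shell
#!/bin/sh
# Added example, not from the original documentation: runs the procedure for one
# client name and verifies the .pfx before upload. Assumptions (constructed):
# CLIENT_CERT_PASS is the .pfx/.jks password; the CN is the client's LDAP identity.
set -eu
NAME="${1:-test1}"
DAYS="${2:-365}"
PASS="${CLIENT_CERT_PASS:-changeit}"
WORK="$(mktemp -d)"
cd "$WORK"
# Step 1: self-signed certificate plus 2048-bit RSA key; -subj skips the prompts.
gen_self_signed() {
  openssl req -x509 -nodes -days "$DAYS" -newkey rsa:2048 \
    -keyout "$NAME-key.key" -out "$NAME-cert.crt" -subj "/CN=$NAME" 2>/dev/null
}
# Step 2: bundle key and certificate into a password-protected PKCS#12 (.pfx).
to_pkcs12() {
  openssl pkcs12 -export -out "$NAME-certificate.pfx" -inkey "$NAME-key.key" \
    -in "$NAME-cert.crt" -name "$NAME" -passout "pass:$PASS"
}
# Step 3: import the .pfx into a Java keystore (.jks); needs a JDK on PATH.
to_jks() {
  rm -f "$NAME.jks"
  keytool -importkeystore -srckeystore "$NAME-certificate.pfx" -srcstoretype PKCS12 \
    -srcstorepass "$PASS" -destkeystore "$NAME.jks" -deststorepass "$PASS" -noprompt
}
# Pre-upload check: the .pfx opens with the password and the private key inside
# it yields the same public key as the certificate, so mutual auth can succeed.
key_matches_cert() {
  from_cert="$(openssl x509 -in "$NAME-cert.crt" -noout -pubkey)"
  from_pfx="$(openssl pkcs12 -in "$NAME-certificate.pfx" -passin "pass:$PASS" \
    -nocerts -nodes 2>/dev/null | openssl pkey -pubout)"
  [ -n "$from_pfx" ] && [ "$from_cert" = "$from_pfx" ]
}
# Number of private keys in the .pfx; exactly one is expected.
pfx_private_keys() {
  openssl pkcs12 -in "$NAME-certificate.pfx" -passin "pass:$PASS" -nocerts -nodes \
    2>/dev/null | grep -c 'BEGIN PRIVATE KEY'
}
main() {
  gen_self_signed && to_pkcs12
  if command -v keytool >/dev/null 2>&1; then to_jks; else echo "keytool not found; skipping .jks" >&2; fi
  key_matches_cert && echo "OK: $WORK/$NAME-certificate.pfx holds $(pfx_private_keys) private key"
}
main "$@"
```

If the instance rejects the .jks upload as described in the note, the same script's .pfx output is the file to upload instead.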