Showing posts with label KeyStore. Show all posts

Thursday, September 6, 2018

Keytool & OpenSSL handy commands

OpenSSL command to extract SSL host certificate


openssl s_client -servername <<servername>> -connect <<servername>>:<<portnumber>>


Java Keytool Commands for Creating and Importing

  • Generate a Java keystore and key pair
    keytool -genkey -alias mydomain -keyalg RSA -keystore keystorename.jks -keysize 2048
  • Generate a certificate signing request for an existing Java keystore
    keytool -certreq -alias domainname -keystore keystore.jks -file domainname.csr
  • Import a root or intermediate CA certificate to an existing Java keystore
    keytool -import -trustcacerts -alias root -file serverchain1.crt -keystore keystore.jks
  • Import a signed primary certificate to an existing Java keystore
    keytool -import -trustcacerts -alias mydomainname -file mydomainname.crt -keystore keystore.jks
  • Generate a keystore and self-signed certificate
    keytool -genkey -keyalg RSA -alias selfsigned -keystore keystore.jks -storepass password -validity 360 -keysize 2048

Java Keytool Commands for Checking

  • Check a stand-alone certificate
    keytool -printcert -v -file mydomain.crt
  • Check which certificates are in a Java keystore
    keytool -list -v -keystore keystore.jks
  • Check a particular keystore entry using an alias
    keytool -list -v -keystore keystore.jks -alias mydomain
  • Delete a certificate from a Java Keytool keystore
    keytool -delete -alias mydomain -keystore keystore.jks
  • Change a Java keystore password
    keytool -storepasswd -new new_storepass -keystore keystore.jks
  • Export a certificate from a keystore
    keytool -export -alias mydomain -file mydomain.crt -keystore keystore.jks
  • List Trusted CA Certs
    keytool -list -v -keystore $JAVA_HOME/jre/lib/security/cacerts
  • Import New CA into Trusted Certs
    keytool -import -trustcacerts -file /path/to/ca/ca.pem -alias CA_ALIAS -keystore $JAVA_HOME/jre/lib/security/cacerts

Saturday, October 24, 2015

Fix: OAM 11g R2 PS2 (11.1.2.2.0) Keystore tampered error

Issue:

OAM 11g R2 PS2 (11.1.2.2.0) throwing the following error:

[oam_server1] [ERROR] [] [Coherence] [tid: Logger@1725259747 3.7.1.1] [userId: ] [ecid: 0000Kcfv^DM7ECK6yVuXMG1KXY0q000002,0] [APP: oam_server#11.1.2.0.0] 2015-10-12 03:08:58.358/302741.698 Oracle Coherence GE 3.7.1.1 (thread=Configuration Store Observer, member=n/a): Error while starting cluster: (Wrapped) java.io.IOException: Keystore was tampered with, or password was incorrect.

- Restarting the Oracle Access Manager (OAM) Server fails with the same error.

Reason:

The ".cohstore.jks" keystore file is corrupt and must be restored from backup.

If the password stored in the ".cohstore.jks" keystore file is corrupt, the keystore still needs to be restored from backup, even though you may be able to retrieve the password using a WLST command.

Solution:

1) Start the AdminServer.
2) Connect to the Enterprise Manager.
3) Locate the Domain in the left navigation panel.
4) Right click and select Security -> Credentials.
5) Delete the credential Map key pair (OAM_STORE, coh).
6) Restart the AdminServer. This will re-create the Coherence Bootstrap artifact and reset the required password.

-- Siva Pokuri.
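
Why the error in the post above reads "tampered with, or password was incorrect": a JKS file ends with a SHA-1 digest computed over the store password plus the file body, so a corrupt file and a wrong password fail the same comparison. The following is an added example, not part of the original post or Oracle's code; it assumes ".cohstore.jks" is a standard JKS file, `check_jks` and `make_empty_jks` are hypothetical helper names, and the sample keystore and password are constructed.

```python
import hashlib
import hmac
import struct

JKS_MAGIC = 0xFEEDFEED      # JCEKS stores use 0xCECECECE instead
SALT = b"Mighty Aphrodite"  # fixed string mixed into the JKS integrity hash
DIGEST_LEN = 20             # SHA-1 output size


def jks_digest(body: bytes, password: str) -> bytes:
    """SHA-1 over password (UTF-16BE) + fixed salt + keystore body."""
    return hashlib.sha1(password.encode("utf-16-be") + SALT + body).digest()


def check_jks(data: bytes, password: str) -> str:
    """Classify a JKS blob: 'ok', 'not-jks' or 'tampered-or-bad-password'."""
    if len(data) < 12 + DIGEST_LEN:
        return "not-jks"
    magic, version, _count = struct.unpack(">III", data[:12])
    if magic != JKS_MAGIC or version not in (1, 2):
        return "not-jks"
    body, stored = data[:-DIGEST_LEN], data[-DIGEST_LEN:]
    if hmac.compare_digest(jks_digest(body, password), stored):
        return "ok"
    # One failed comparison covers both causes; the file alone cannot say which.
    return "tampered-or-bad-password"


def make_empty_jks(password: str) -> bytes:
    """Constructed sample: a version-2 JKS header with zero entries."""
    body = struct.pack(">III", JKS_MAGIC, 2, 0)
    return body + jks_digest(body, password)


if __name__ == "__main__":
    store = make_empty_jks("example-pass")   # constructed sample keystore
    corrupt = bytearray(store)
    corrupt[-1] ^= 0x01                      # flip one bit in the stored digest
    print(check_jks(store, "example-pass"))
    print(check_jks(store, "wrong-pass"))
    print(check_jks(bytes(corrupt), "example-pass"))
```

Running the same check against a backup copy of the keystore with the known password is a quick way to confirm the backup is intact before restoring it.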

Sunday, July 13, 2014

Info: Default Weblogic DemoTrust & DemoIdentity KeyStore passwords


| Property | Value |
|---|---|
| Trust store location | %ORACLE_HOME%/weblogic/wlserver_10.3/server/lib/DemoTrust.jks |
| Trust store password | DemoTrustKeyStorePassPhrase |
| Key store location | %ORACLE_HOME%/weblogic/wlserver_10.3/server/lib/DemoIdentity.jks |
| Key store password | DemoIdentityKeyStorePassPhrase |
| Private key password | DemoIdentityPassPhrase |

-- Siva Pokuri.