Expires: [When does the signed cert expire?]
Keystore password: OMITTED
Copied from: http://www.entrust.net/knowledge-base/technote.cfm?tn=8898
This presumes your signing authority provided a .crt and .key file.
To install the intermediate certificates into a keystore, download two intermediate certificate files from the Entrust certificate pickup link: the L1K Intermediate certificate (default file name: Intermediate1.crt) and the G2 Cross certificate (default file name: Intermediate2.crt).
Create a chained .pem file first by ordering the server certificate, intermediate, chained root, then root certificates in a single text file.
openssl pkcs12 -export -out wildcard.example.com.pfx -inkey wildcard.example.com.key -in wildcard.example.com.pem
This is a one-time activity. The output from this is saved to this repository to be re-used and copied across servers.
keytool -importkeystore -srckeystore wildcard.example.com.pfx -srcstoretype pkcs12 -destkeystore keystore.jks -deststoretype JKS
keytool -import -alias Intermediate -keystore keystore.jks -trustcacerts -file Intermediate.crt
keytool -import -alias entrust_l1k_chain_root -keystore keystore.jks -trustcacerts -file entrust_l1k_chain_root.cer
keytool -changealias -alias 1 -destalias wildcard -keystore keystore.jks
Validate outputs with:
keytool -list -keystore keystore.jks
Enter keystore password:
Keystore type: jks
Keystore provider: SUN
Your keystore contains 3 entries
wildcard, Mar 5, 2020, PrivateKeyEntry,
Certificate fingerprint (SHA1): FE:A9:06:5F:72:9D:E3:71:E1:33:EE:FD:5B:9B:4C:6C:EB:A0:FE:FB
intermediate, Mar 5, 2020, trustedCertEntry,
Certificate fingerprint (SHA1): F2:1C:12:F4:6C:DB:6B:2E:16:F0:9F:94:19:CD:FF:32:84:37:B2:D7
entrust_l1k_chain_root, Mar 5, 2020, trustedCertEntry,
Certificate fingerprint (SHA1): 9E:1A:0C:35:E7:14:B6:97:92:D0:90:B2:CC:4B:BA:45:83:3C:30:15
The keystore directions on https://wiki.jenkins-ci.org/display/JENKINS/Starting+and+Accessing+Jenkins may be helpful for importing the .pfx file to a keystore file.
https://wiki.jenkins.io/display/JENKINS/Running+Jenkins+behind+IIS
<arguments>-Xrs -Xmx256m -Dhudson.lifecycle=hudson.lifecycle.WindowsServiceLifecycle -jar "%BASE%\jenkins.war" --httpPort=0 --httpsPort=443 --httpsKeyStore="%BASE%\secrets\wildcard.example.com.jks" --httpsKeyStorePassword=OMITTED --webroot="%BASE%\war"</arguments>
keytool -importkeystore -srckeystore wildcard.example.com.jks -destkeystore wildcard.example.com.p12 -deststoretype PKCS12
Enter destination keystore password:
Re-enter new password:
Enter source keystore password:
Entry for alias *.example.com successfully imported.
Import command completed: 1 entries successfully imported, 0 entries failed or cancelled
openssl pkcs12 -in wildcard.example.com.p12 -nokeys -out wildcard.example.com.crt
Enter Import Password:
MAC verified OK
openssl pkcs12 -in wildcard.example.com.p12 -nodes -nocerts -out wildcard.example.com.key
To verify that the RSA private key is consistent with the certificate, compare the MD5 digests of their moduli; the two commands below must print the same value:
openssl rsa -modulus -noout -in myserver.key | openssl md5
openssl x509 -modulus -noout -in myserver.crt | openssl md5
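Added example (not from the Entrust technote or from these notes): a pre-flight check that covers both the chain ordering of the .pem file and the key/certificate consistency check above, so a wrong key or a misordered bundle is caught before `openssl pkcs12 -export`. It goes beyond the modulus comparison by comparing the whole public key, which also works for non-RSA keys. The function names, file names and demo certificates are assumptions constructed for the example.

```shell
#!/bin/sh
# Added example: pre-flight checks on a chained PEM before `openssl pkcs12 -export`.

# 0 if the private key ($1) belongs to the first certificate in the PEM ($2).
# `openssl x509` reads only the first certificate of a bundle, i.e. the server cert.
key_matches_cert() {
    k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 2
    c=$(openssl x509 -in "$2" -pubkey -noout 2>/dev/null) || return 2
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# 0 if every certificate in the bundle ($1) was issued by the one that follows it.
chain_in_order() {
    d=$(mktemp -d) || return 2
    # Split the bundle into 1.pem, 2.pem, ... in file order.
    awk -v d="$d" '/BEGIN CERTIFICATE/{n++} n{print > (d "/" n ".pem")}' "$1"
    i=1; rc=0
    [ -f "$d/1.pem" ] || rc=2
    while [ -f "$d/$((i + 1)).pem" ]; do
        iss=$(openssl x509 -in "$d/$i.pem" -noout -issuer_hash)
        sub=$(openssl x509 -in "$d/$((i + 1)).pem" -noout -subject_hash)
        [ "$iss" = "$sub" ] || { rc=1; break; }
        i=$((i + 1))
    done
    rm -rf "$d"
    return "$rc"
}

# Constructed throwaway material in directory $1: a demo root and a server cert.
make_demo() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Demo Root" \
        -keyout "$1/root.key" -out "$1/root.crt" 2>/dev/null &&
    openssl req -newkey rsa:2048 -nodes -subj "/CN=demo.example.com" \
        -keyout "$1/server.key" -out "$1/server.csr" 2>/dev/null &&
    openssl x509 -req -in "$1/server.csr" -CA "$1/root.crt" -CAkey "$1/root.key" \
        -CAcreateserial -days 1 -out "$1/server.crt" 2>/dev/null &&
    cat "$1/server.crt" "$1/root.crt" > "$1/chain.pem" &&
    cat "$1/root.crt" "$1/server.crt" > "$1/reversed.pem"
}

tmp=$(mktemp -d) && make_demo "$tmp" && {
    key_matches_cert "$tmp/server.key" "$tmp/chain.pem" && echo "key matches server cert"
    chain_in_order "$tmp/chain.pem" && echo "chain order ok"
    chain_in_order "$tmp/reversed.pem" || echo "reversed.pem: out of order"
    key_matches_cert "$tmp/root.key" "$tmp/chain.pem" || echo "root.key: wrong key"
}
rm -rf "$tmp"
```

The order check compares issuer and subject names only; it does not validate signatures or expiry.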