There are two ways to import the certificate used by SKFS into the client's trust store:
Using the certimport script:
$ demo:~> certimport.sh
Usage: certimport.sh hostname -p<port> -k<JAVA | GLASSFISH | keystore path> -w<keystore password>
----------------------------------------------------------------------
certimport.sh saka201 (defaults to JAVA_HOME keystore)
certimport.sh expo1.strongauth.com -p8282 -kGLASSFISH (uses GLASSFISH_HOME to find keystore)
certimport.sh deicda02 -k../config/cacerts.p12 -wAbcd1234!
Example
$ demo:~> certimport.sh demo.strongkey.com
Certificate was added to keystore at: /usr/local/strongkey/certs/cacerts
$ demo:~> certimport.sh demo.strongkey.com -p8181 -kGLASSFISH
Certificate was added to keystore at: /usr/local/strongkey/payara6/glassfish/domains/domain1/config/cacerts.p12
shell> sudo systemctl restart payara
For SKFS version 4.12 and below, use the following command instead:
shell> sudo service glassfishd restart
Using the keytool command:
keytool -exportcert -alias s1as -file /usr/local/strongkey/certs/<SKFS-FQDN>.der -keystore /usr/local/strongkey/payara6/glassfish/domains/domain1/config/keystore.p12 -storepass changeit
keytool -importcert -noprompt -alias <FQDN> -file /usr/local/strongkey/certs/<SKFS-FQDN>.der -keystore /usr/local/strongkey/payara6/glassfish/domains/domain1/config/cacerts.p12 -storepass changeit
keytool -importcert -noprompt -alias <FQDN> -file /usr/local/strongkey/certs/<SKFS-FQDN>.der -keystore /usr/local/strongkey/certs/cacerts -storepass changeit
NOTE: The default keystore password is: “changeit”
shell> sudo systemctl restart payara
For SKFS version 4.12 and below, use the following command instead:
shell> sudo service glassfishd restart
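
Before a certificate file is imported with either method, its SHA-256 fingerprint can be compared with a value obtained out of band from the SKFS administrator, so that only the expected certificate enters the trust store. The following is an added example, not part of the original page or of StrongKey's scripts; the function names and the import_if_trusted wrapper are hypothetical, and it assumes the file is DER-encoded, as produced by the keytool -exportcert command above.

```shell
#!/bin/sh
# Added example: verify a DER certificate's SHA-256 fingerprint before import.

# Print the SHA-256 of a file as lowercase hex. For a DER-encoded certificate
# this is the value "keytool -printcert -file <file>" shows as its SHA256
# fingerprint (without the colons).
der_sha256() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

# Normalize "AB:CD:..." or "ab cd ..." to bare lowercase hex.
normalize_fp() {
    printf '%s' "$1" | tr -d ': \t\r\n' | tr 'A-F' 'a-f'
}

# Return 0 only if the file exists, the expected value is a well-formed
# 64-digit hex string, and it equals the file's digest.
fingerprint_matches() {
    file=$1
    expected=$(normalize_fp "$2")
    [ -f "$file" ] || return 2
    case $expected in
        *[!0-9a-f]*|'') return 2 ;;
    esac
    [ "${#expected}" -eq 64 ] || return 2
    [ "$(der_sha256 "$file")" = "$expected" ]
}

# Hypothetical wrapper: run the page's keytool import only after the
# fingerprint check passes.
import_if_trusted() {
    der=$1; expected=$2; alias_name=$3; truststore=$4; storepass=$5
    if ! fingerprint_matches "$der" "$expected"; then
        echo "fingerprint mismatch for $der; not importing" >&2
        return 1
    fi
    keytool -importcert -noprompt -alias "$alias_name" -file "$der" \
        -keystore "$truststore" -storepass "$storepass"
}
```

Call import_if_trusted with the exported .der file, the expected fingerprint, the alias, the trust store path and its password.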