Hello,
1) The instructions for setting up wildfire use the keytool program to create a self-signed certificate for my server and put it into the "keystore" file. E.g.:
keytool -genkey -keystore keystore -alias example.com
2) It then goes on to show you how to create a Certificate Signing Request (CSR) file to send to the Certificate Authority (CA organizations such as Verisign) for signing:
keytool -certreq -keystore keystore -alias example.com -file certificate_file
3) Once you get the signed certificate back from the CA, you import it into your wildfire "keystore" file as follows:
keytool -import -keystore keystore -alias example.com -file signed_certificate_file
The signed certificate or the original self signed certificate is what I need for the admin screen which should look something like:
BEGIN CERTIFICATE-----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END CERTIFICATE-----
In the admin console “Server->Security Settings”, in the “Certificate” box, it says:
Paste in the certificate sent to you by the CA or the self-signed certificate generated via the keytool.
Since I don't need an officially signed certificate from a Certificate Authority, does anyone know how to extract wildfire's self-signed server certificate from the "keystore" file that lives in directory "resources/security" (i.e. the one created from step 1 above) so that I can copy its content (such as shown above) and import it into another wildfire server's admin screen?
I'm thinking that this is how wildfire does "client certificate verification" - i.e. when a client connects, wildfire requests the client's certificate and compares it with its "truststore" file before authorizing connectivity - is this correct?
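The keytool steps from the post, followed by the extraction step the post asks about, as an added example that is not part of the original post and not Wildfire's own setup script. The extraction uses `keytool -export -rfc` (spelled `-exportcert` in newer JDKs; the old name is still accepted), which writes the certificate stored under an alias as a Base64 "BEGIN CERTIFICATE ... END CERTIFICATE" block instead of binary DER. The keystore password "changeit", the alias "example.com", the RSA 2048-bit key and the subject name are assumptions for the example, not values taken from the post; substitute your server's real ones. The script runs non-interactively in a scratch directory so it never touches resources/security.

```shell
#!/bin/sh
# Added example (not from the original post or from Wildfire): exercise the
# keytool workflow and extract the self-signed certificate as PEM text.
# Assumed values: password "changeit", alias "example.com", RSA 2048, 365 days.
set -eu

# Step 1 from the post: key pair plus self-signed certificate in the keystore.
# -keyalg is given explicitly because older keytool versions default to DSA;
# -dname/-storepass/-keypass make the call non-interactive.
make_self_signed() {
    keystore="$1"; alias="$2"; storepass="$3"
    keytool -genkey -keystore "$keystore" -alias "$alias" \
        -keyalg RSA -keysize 2048 -validity 365 \
        -dname "CN=$alias, O=Example, C=US" \
        -storepass "$storepass" -keypass "$storepass"
}

# Step 2 from the post (only needed if a CA will sign the certificate).
make_csr() {
    keystore="$1"; alias="$2"; storepass="$3"; out="$4"
    keytool -certreq -keystore "$keystore" -alias "$alias" \
        -storepass "$storepass" -file "$out"
}

# The step the post asks about: dump the certificate held under $alias.
# -rfc selects PEM (Base64) output; without it keytool writes binary DER,
# which cannot be pasted into the admin console's Certificate box.
export_pem() {
    keystore="$1"; alias="$2"; storepass="$3"; out="$4"
    keytool -export -rfc -keystore "$keystore" -alias "$alias" \
        -storepass "$storepass" -file "$out"
}

# Sanity check on the exported file: it must carry both PEM armour lines.
is_pem_cert() {
    grep -q '^-----BEGIN CERTIFICATE-----$' "$1" &&
    grep -q '^-----END CERTIFICATE-----$' "$1"
}

# Keytool equivalent of pasting the PEM into the other server: import it as a
# trusted certificate entry into that server's truststore file (-noprompt
# skips the "Trust this certificate?" question).
import_into_truststore() {
    truststore="$1"; alias="$2"; storepass="$3"; pem="$4"
    keytool -import -noprompt -keystore "$truststore" -alias "$alias" \
        -storepass "$storepass" -file "$pem"
}

# Run the whole sequence in a scratch directory:  sh this_script.sh demo
if [ "${1:-}" = demo ]; then
    work=$(mktemp -d)
    make_self_signed "$work/keystore" example.com changeit
    make_csr "$work/keystore" example.com changeit "$work/example.com.csr"
    export_pem "$work/keystore" example.com changeit "$work/example.com.pem"
    is_pem_cert "$work/example.com.pem"
    import_into_truststore "$work/truststore" example.com changeit "$work/example.com.pem"
    echo "PEM certificate (paste this into the other server's admin console):"
    cat "$work/example.com.pem"
    keytool -list -keystore "$work/truststore" -storepass changeit
fi
```

The same `-export -rfc` call works unchanged after step 3, since importing the CA-signed reply replaces the self-signed certificate under the same alias; what comes out is whatever currently sits under that alias.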