Updating Security Certificates

This section describes how to update security certificates.

Overview

If you need to update the default security certificate with a different certificate (for example, a certificate approved by a Certificate Authority), then you must import the certificate along with the private key into the keystore. Sample scripts for Windows and Linux are available below for reference.

If you copy a script directly from this document, whitespace characters might be distorted, so you may need to reformat the script. This will be streamlined in future releases.

To update the security certificates:

  1. Copy the security certificate file and paste it in the \OmniGenData folder.

    This file must be in PKCS#12 (or PFX) format. If it is in PEM format, then it must be converted.

  2. Create the script and copy it to the \OmniGenData folder.

    The exact location of the script will change in future releases.

  3. Run the script, which takes the following three arguments:
    • Source keystore (certificate)
    • Keystore password
    • Source alias
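
Step 1 requires a PKCS#12 file and step 3 requires its source alias. The following is an added example, not one of the product's scripts, showing one way to convert a PEM certificate and key with OpenSSL and confirm the alias before running the import script. It assumes OpenSSL is installed; the function names, the P12_PASS variable and the throwaway test certificate are constructed for illustration.

```shell
#!/bin/sh
# Added example, not part of the product scripts. Assumes OpenSSL is installed.
# The PKCS#12 password is read from the exported P12_PASS environment variable
# (an assumed name) so that it does not appear in the process list.

# key_matches_cert CERT_PEM KEY_PEM: succeeds when the key belongs to the cert.
key_matches_cert() {
  cert_pub=$(openssl x509 -in "$1" -noout -pubkey) || return 2
  key_pub=$(openssl pkey -in "$2" -pubout) || return 2
  [ "$cert_pub" = "$key_pub" ]
}

# pem_to_p12 CERT_PEM KEY_PEM OUT_P12 ALIAS: builds the PKCS#12 source keystore.
# -name sets the friendlyName, which keytool reads as the alias (-srcalias).
pem_to_p12() {
  [ $# -eq 4 ] || { echo "usage: pem_to_p12 cert key out alias" >&2; return 64; }
  [ -n "${P12_PASS:-}" ] || { echo "P12_PASS is not set" >&2; return 64; }
  key_matches_cert "$1" "$2" || { echo "key does not match certificate" >&2; return 1; }
  ( umask 077   # the output holds a private key: owner-only permissions
    openssl pkcs12 -export -in "$1" -inkey "$2" -out "$3" \
      -name "$4" -passout env:P12_PASS )
}

# p12_has_alias P12 ALIAS: succeeds when the store opens with P12_PASS and
# contains a certificate bag with that friendlyName.
p12_has_alias() {
  openssl pkcs12 -in "$1" -passin env:P12_PASS -nokeys 2>/dev/null |
    grep -q "^ *friendlyName: $2 *\$"
}

# make_test_pair DIR: constructed one-day self-signed pair for trying the above.
make_test_pair() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
    -subj "/CN=omnigen.example" \
    -keyout "$1/key.pem" -out "$1/cert.pem" 2>/dev/null
}
```

Export P12_PASS, call pem_to_p12 with the certificate, key, output file and alias, then pass the output file and the same alias to the import script.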

Sample Script for Windows

The following is the sample script for Windows.

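@rem Usage: import.cmd srckeystore srcstorepass srcalias
@rem The keystore password is passed on the command line, so it is visible
@rem in the process list while keytool runs.
@set KT="%JAVA_HOME%\bin\keytool"
@set OMNIGENDATA=..\OmniGenData

@rem Require exactly three arguments: %2 and %3 must be present, %4 must not.
@if "%2" == "" goto args_count_wrong
@if "%3" == "" goto args_count_wrong
@if "%4" == "" goto args_count_ok

:args_count_wrong
@echo Invalid parameters. Usage: import.cmd srckeystore srcstorepass srcalias
@exit /b 1

:args_count_ok

@rem Stop if the data folder is missing so that del does not run elsewhere.
cd %OMNIGENDATA% || exit /b 1
@del /Q omnigenstore.p* ibi-certs

@rem Import the key pair under the alias "boot". The destination is a
@rem JKS-type store even though the file is named omnigenstore.p12.
%KT% -importkeystore ^
-srckeystore %1 -destkeystore omnigenstore.p12 ^
-srcstorepass %2 -deststorepass omnigen ^
-srcalias %3 -destalias boot ^
-srcstoretype pkcs12 -deststoretype JKS ^
-destkeypass omnigen ^
-noprompt

@rem Export the public certificate and trust it in ibi-certs.
%KT% -exportcert -alias boot -keystore omnigenstore.p12 -storepass omnigen -keypass omnigen -noprompt -rfc -file omnigenstore.pem
%KT% -importcert -alias boot -keystore ibi-certs -storepass changeit -noprompt -file omnigenstore.pem

@rem Replace the "boot" entry in the console client truststore.
%KT% -delete -alias boot -keystore OmniGovConsole\data\security\client-truststore.jks -storepass wso2carbon -noprompt
%KT% -importcert -alias boot -keystore OmniGovConsole\data\security\client-truststore.jks -storepass wso2carbon -noprompt -file omnigenstore.pem

cd ..\scripts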

Sample Script for Linux

The following is the sample script for Linux.

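#!/bin/sh
# Usage: <script> srckeystore srcstorepass srcalias
# The keystore password is passed on the command line, so it is visible
# in the process list while keytool runs.

KT="$JAVA_HOME/bin/keytool"
OMNIGENDATA=../OmniGenData

EXPECTED_ARGS=3
E_BADARGS=65

if [ $# -ne $EXPECTED_ARGS ]
then
  echo "Invalid parameters. Usage: $(basename "$0") srckeystore srcstorepass srcalias"
  exit $E_BADARGS
fi

# Stop if the data folder is missing so that rm -rf does not run elsewhere.
cd "$OMNIGENDATA" || exit 1
rm -rf omnigenstore.p* ibi-certs

# Import the key pair under the alias "boot". The destination is a
# JKS-type store even though the file is named omnigenstore.p12.
# Arguments are quoted so that paths and passwords with spaces survive.
"$KT" -importkeystore \
-srckeystore "$1" -destkeystore omnigenstore.p12 \
-srcstorepass "$2" -deststorepass omnigen \
-srcalias "$3" -destalias boot \
-srcstoretype pkcs12 -deststoretype JKS \
-destkeypass omnigen \
-noprompt

# Export the public certificate and trust it in ibi-certs.
"$KT" -exportcert -alias boot -keystore omnigenstore.p12 -storepass omnigen -keypass omnigen -noprompt -rfc -file omnigenstore.pem
"$KT" -importcert -alias boot -keystore ibi-certs -storepass changeit -noprompt -file omnigenstore.pem

# Replace the "boot" entry in the console client truststore.
"$KT" -delete -alias boot -keystore ./OmniGovConsole/data/security/client-truststore.jks -storepass wso2carbon -noprompt
"$KT" -importcert -alias boot -keystore ./OmniGovConsole/data/security/client-truststore.jks -storepass wso2carbon -noprompt -file omnigenstore.pem

cd ../scripts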