Topics: |
This section describes how to update security certificates.
If you need to update the default security certificate with a different certificate (for example, a certificate approved by a Certificate Authority), then you must import the certificate along with the private key into the keystore. Sample scripts for Windows and Linux are available below for reference.
If you are copying the script directly from this document, consider the fact that whitespace characters might be distorted, requiring you to reformat the script. This will be streamlined in future releases.
To update the security certificates:
This file must be in PKCS#12 (or PFX) format. If it is in PEM format, then it must be converted.
The exact location of the script will change in future releases.
The following is the sample script for Windows.
@set KT="%JAVA_HOME%\bin\keytool" @set OMNIGENDATA=..\OmniGenData @if "%2" == "" goto args_count_wrong @if "%3" == "" goto args_count_wrong @if "%4" == "" goto args_count_ok :args_count_wrong @echo Invalid parameters. Usage: import.cmd srckeystore srcstorepass srcalias @exit /b 1 :args_count_ok cd %OMNIGENDATA% @del /Q omnigenstore.p* ibi-certs %KT% -importkeystore ^ -srckeystore %1 -destkeystore omnigenstore.p12 ^ -srcstorepass %2 -deststorepass omnigen ^ -srcalias %3 -destalias boot ^ -srcstoretype pkcs12 -deststoretype JKS ^ -destkeypass omnigen ^ -noprompt %KT% -exportcert -alias boot -keystore omnigenstore.p12 -storepass omnigen -keypass omnigen -noprompt -rfc -file omnigenstore.pem %KT% -importcert -alias boot -keystore ibi-certs -storepass changeit -noprompt -file omnigenstore.pem %KT% -delete -alias boot -keystore OmniGovConsole\data\security\client-truststore.jks -storepass wso2carbon -noprompt %KT% -importcert -alias boot -keystore OmniGovConsole\data\security\client-truststore.jks -storepass wso2carbon -noprompt -file omnigenstore.pem cd ..\scripts
The following is the sample script for Linux.
#!/bin/sh KT=$JAVA_HOME/bin/keytool OMNIGENDATA=../OmniGenData EXPECTED_ARGS=3 E_BADARGS=65 if [ $# -ne $EXPECTED_ARGS ] then echo "Invalid parameters. Usage: `basename $0` srckeystore srcstorepass srcalias" exit $E_BADARGS fi cd $OMNIGENDATA rm -rf omnigenstore.p* ibi-certs $KT -importkeystore \ -srckeystore $1 -destkeystore omnigenstore.p12 \ -srcstorepass $2 -deststorepass omnigen \ -srcalias $3 -destalias boot \ -srcstoretype pkcs12 -deststoretype JKS \ -destkeypass omnigen \ -noprompt $KT -exportcert -alias boot -keystore omnigenstore.p12 -storepass omnigen -keypass omnigen -noprompt -rfc -file omnigenstore.pem $KT -importcert -alias boot -keystore ibi-certs -storepass changeit -noprompt -file omnigenstore.pem $KT -delete -alias boot -keystore ./OmniGovConsole/data/security/client-truststore.jks -storepass wso2carbon -noprompt $KT -import -alias boot -keystore ./OmniGovConsole/data/security/client-truststore.jks -storepass wso2carbon -noprompt -file omnigenstore.pem cd ../scripts