Generate a SSL keystore

October 13th, 2020


To create a java keystore from your given a .ca-bundle and a .cer, you’ll need to have the private key that generated the .csr that you sent to the certificate signer. If instead you have .pem files for the cert and the key, you can experiment with the certificate .pem for the -in argument, and the key .pem for -inkey. Then,

  • Generate a CSR. Check here.
  • Common Name is the URL.
  • Run the next command to get a server.csr file:
openssl req -new -newkey rsa:2048 -nodes -keyout server.key -out server.csr
  • Run the next command to get the keystore.p12:
openssl pkcs12 -export -certfile STAR_mangoautomation_net.ca-bundle -inkey server.key -in STAR_mangoautomation_net.crt -name NAME -out keystore.p12 -passout pass:<MORE THAN 6 CHARACTERS>
  • Go to your jdk/bin folder.
  • Run:
sudo ./keytool -importkeystore -destkeystore /path/to/keystore.jks -srckeystore keystore.p12 -srcstoretype PKCS12 -alias NAME -srcstorepass <MORE THAN 6 CHARACTERS>
  • Enter destination keystore password: <MORE THAN 6 CHARACTERS>. Now you have a keystore.jks file.
  • Copy this into your MA_HOME/overrides/properties directory.
  • Edit your MA_HOME/overrides/properties/env.properties file such that:
ssl.on=true
ssl.port=443
ssl.keystore.location=/path/to/Mango/overrides/properties/keystore.jks
ssl.keystore.password=<MORE THAN 6 CHARACTERS>
  • Restart Mango
  • Success!

Copyright © 2020 Radix IoT, LLC.