Latest News

the latest news from our team

Home Ship/FXApplying an SSL certificate to the Pack Station
15
February, 2022
#CSR #Keystore #Pack Station #Ship/FX

Applying an SSL certificate to the Pack Station

By: /
With: No Comments /
In: Ship/FX, SSL Configure

To validate a Pack Station certificate, the certificate has to match the domain name. This requires a certificate signing request (CSR) made from a private key. A CSR can be generated with Java Keytool, Microsoft Management Console or using a reputable third-party’s own rules. The CSR is used to obtain an SSL certificate from a third-party, the certificate authority. The certificate authority should send three certificates: root certificate, intermediate certificate and main certificate. The PKCS12 files or JKS files must be added to the keystore on the Pack Station server and the eFORMz server.

NOTE: eFORMz supports PKCS12 or JKS. The Pack Station currently only supports JKS. To convert PKCS12 to JKS, use the following command:

keytool -importkeystore -srckeystore keystore.jks -destkeystore keystore.jks -deststoretype JKS

Create a directory for the keystore

Open a command prompt and type the following:

mkdir sslcert

Then cd to the newly created directory by typing the following command:

cd sslcert

Create keystore

Use the following command to create a keystore:

keytool -genkey -alias youralias -keyalg RSA -keystore yourkeystorename.jks -keysize 2048

You will be prompted to enter keystore password. The default password is changeit. You will be asked the following questions:

What is your first and last name?
  [Unknown]:  sales.shipfx.cloud
What is the name of your organizational unit?
  [Unknown]:  IT
What is the name of your organization?
  [Unknown]:  Minisoft
What is the name of your City or Locality?
  [Unknown]:  Snohomish
What is the name of your State or Province?
  [Unknown]:  Washington
What is the two-letter country code for this unit?
  [Unknown]:  US

To confirm accuracy, type y or yes and press enter. You will then be prompted to enter the key password. Press enter if you are using the default password.

Generate a certificate signing request (CSR)

To generate a CSR, use the -certreq command:

keytool -certreq -alias youralias -file yourcsrname.csr -keystore yourkeystorename.jks

Note: For general information on the creation of a CSR, consult the following post: Generate a CSR (certificate signing request) for an SSL certificate

Download certificate files

Send the certificate request to your certificate authority (CA). The CA will send you the certificate files. Once you’ve downloaded your certificate files, you’ll need to import them into the keystore.

Import root certificate to cacerts.jks and keystore.jks

keytool -import -trustcacerts -alias root -file (ROOT CERTIFICATE FILE NAME) -keystore domain.key

Import intermediate certificate to cacerts.jks and keystore.jks

keytool -import -trustcacerts -alias intermed -file (INTERMEDIATE CA FILE NAME) -keystore domain.key

Import entity (mydomain.com) certificate to keystore.jks

keytool -import -alias mydomain.com -keystore keystore.jks -trustcacerts -file mydomain.com.crt

You May Also Like

Leave a Reply

Your email address will not be published. Required fields are marked *