Applying an SSL certificate to the Pack Station
To validate a Pack Station certificate, the certificate has to match the domain name. This requires a certificate signing request (CSR) made from a private key. A CSR can be generated with Java Keytool, Microsoft Management Console, or by following a reputable third party's own rules. The CSR is used to obtain an SSL certificate from a third party, the certificate authority (CA). The certificate authority should send three certificates: the root certificate, the intermediate certificate and the main certificate. The PKCS12 or JKS files must be added to the keystore on the Pack Station server and the eFORMz server.
NOTE: eFORMz supports PKCS12 or JKS. The Pack Station currently only supports JKS. To convert PKCS12 to JKS, use the following command:
keytool -importkeystore -srckeystore keystore.p12 -srcstoretype PKCS12 -destkeystore keystore.jks -deststoretype JKS
Create a directory for the keystore
Open a command prompt and type the following:
mkdir sslcert
Then cd to the newly created directory by typing the following command:
cd sslcert
Create keystore
Use the following command to create a keystore:
keytool -genkey -alias youralias -keyalg RSA -keystore yourkeystorename.jks -keysize 2048
You will be prompted to enter the keystore password. The default password is changeit. You will be asked the following questions:
What is your first and last name? [Unknown]: sales.shipfx.cloud
What is the name of your organizational unit? [Unknown]: IT
What is the name of your organization? [Unknown]: Minisoft
What is the name of your City or Locality? [Unknown]: Snohomish
What is the name of your State or Province? [Unknown]: Washington
What is the two-letter country code for this unit? [Unknown]: US
To confirm accuracy, type y or yes and press enter. You will then be prompted to enter the key password. Press enter if you are using the default password.
Generate a certificate signing request (CSR)
To generate a CSR, use the -certreq command:
keytool -certreq -alias youralias -file yourcsrname.csr -keystore yourkeystorename.jks
Note: For general information on the creation of a CSR, consult the following post: Generate a CSR (certificate signing request) for an SSL certificate
Download certificate files
Send the certificate request to your certificate authority (CA). The CA will send you the certificate files. Once you’ve downloaded your certificate files, you’ll need to import them into the keystore.
Import root certificate to cacerts.jks and keystore.jks
keytool -import -trustcacerts -alias root -file (ROOT CERTIFICATE FILE NAME) -keystore keystore.jks
Import intermediate certificate to cacerts.jks and keystore.jks
keytool -import -trustcacerts -alias intermed -file (INTERMEDIATE CA FILE NAME) -keystore keystore.jks
Import entity (mydomain.com) certificate to keystore.jks
keytool -import -alias mydomain.com -keystore keystore.jks -trustcacerts -file mydomain.com.crt
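A check to run after the import steps, added here as an example and not part of the original procedure: it reads keytool -list -v output and confirms that the key pair's alias holds a PrivateKeyEntry with the full three-certificate chain for the expected host name. keytool only attaches a CA reply to the key pair when it is imported under the key pair's own alias. The function and sample names (check_chain, sample_installed, sample_wrong_alias), the CA names and the abridged listings are constructed for illustration.

```shell
#!/bin/sh
# Real use: keytool -list -v -keystore keystore.jks | check_chain youralias sales.shipfx.cloud

check_chain() {   # $1 = alias of the key pair, $2 = expected host name (CN)
    awk -v want="$1" -v host="$2" '
        /^Alias name: /  { in_entry = (substr($0, 13) == want) }
        !in_entry        { next }            # ignore every other alias
        /^Entry type: /  { type = substr($0, 13) }
        /^Certificate chain length: / { len = $NF + 0 }
        /^Owner: / && !seen {                # first Owner under the alias = entity cert
            cn = $0; sub(/^Owner: CN=/, "", cn); sub(/,.*/, "", cn); seen = 1
        }
        END {
            if (type == "")                { print "FAIL: alias not found"; exit 1 }
            if (type != "PrivateKeyEntry") { print "FAIL: entry is " type; exit 1 }
            if (len < 3)    { print "FAIL: chain length " len " (CA reply not on this alias)"; exit 1 }
            if (cn != host) { print "FAIL: CN " cn " does not match " host; exit 1 }
            print "OK: " want " has chain length " len " for " cn
        }'
}

# Constructed, abridged listing: CA reply imported under the key pair's alias.
sample_installed() { cat <<'EOF'
Alias name: youralias
Entry type: PrivateKeyEntry
Certificate chain length: 3
Owner: CN=sales.shipfx.cloud, OU=IT, O=Minisoft, L=Snohomish, ST=Washington, C=US
Issuer: CN=Example Intermediate CA
EOF
}

# Constructed, abridged listing: reply imported under a different alias, so the
# key pair still carries only its self-signed certificate.
sample_wrong_alias() { cat <<'EOF'
Alias name: mydomain.com
Entry type: trustedCertEntry
Owner: CN=sales.shipfx.cloud, OU=IT, O=Minisoft, L=Snohomish, ST=Washington, C=US

Alias name: youralias
Entry type: PrivateKeyEntry
Certificate chain length: 1
Owner: CN=sales.shipfx.cloud, OU=IT, O=Minisoft, L=Snohomish, ST=Washington, C=US
EOF
}

sample_installed   | check_chain youralias sales.shipfx.cloud
sample_wrong_alias | check_chain youralias sales.shipfx.cloud || true
```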