- #Keystore explorer add private key how to#
- #Keystore explorer add private key install#
- #Keystore explorer add private key password#
- #Keystore explorer add private key download#
#Keystore explorer add private key download#
Download the utility here: Īfter downloading (a small. Let’s look at installing this little gem and using it for replacing an SSL certificate in the keystore for use with Apache Tomcat. I found the above statement to be extremely accurate. KeyStore Explorer presents their functionality, and more, via an intuitive graphical user interface. KeyStore Explorer is an open source GUI replacement for the Java command-line utilities keytool and jarsigner. Let me introduce you to a GUI tool that makes interacting with the keystore file MUCH easier! It is called Keystore Explorer. However, the keytool command can be difficult to decipher correct syntax, and I have found many discrepancies between documentation, depending on the source of the documentation as to the correct syntax of keytool. The keytool command is the command line way to interact with the keystore file. Official documentation with many applications such as Atlassian Jira, have you use a combination of openssl commands and the keytool command. This file is usually found in the “Home” directory of the user that is running the Tomcat application. If you aren’t familiar, most if not all Apache Tomcat applications make use of a “ keystore” file that houses the private key and certificate chain that is read when the Apache Tomcat Java applet starts. Instead of painstakingly maneuvering around the myriad of commands to get a new SSL certificate in place, there is an easy way to do this with a handy GUI utility.
#Keystore explorer add private key install#
Easy Way to Replace or Install Apache Tomcat SSL Certificate I want to show you an easy way to replace or install apache tomcat SSL certificate for Jira or any other Apache Tomcat based application. If you have ever done this before, you know that it can be a royal PITA as there are specific commands and specific certificate types that you have to have in order to make sure the command line options do not bomb out on you when you are updating the certificate. Save the keystore file and copy it to the Unifi controller.In working with a client recently, I was tasked with replacing an SSL certificate in Apache Tomcat, specifically for a JIRA install.
#Keystore explorer add private key password#
This should be the password you have set in the Unifi controller (aircontrolenterprise). Locate the PFX file and give the password you gave during creation of the pfx file.Īnd provide the new password. Now switch back to keystore explore and delete the unifi entry.Ĭlick: Tools –> Import Key Pair –> PKCS12. This could be different than the password used in the Unifi controller.
![keystore explorer add private key keystore explorer add private key](https://i.stack.imgur.com/d5lle.jpg)
The command to create the PKCS12 file is: openssl pkcs12 -export -in. If you don’t have already please install openssl.
![keystore explorer add private key keystore explorer add private key](https://i.stack.imgur.com/KtKoa.png)
Now we need to create a PFX (PKCS12) file which holds the just created cer file and the key file. Note: You don’t have to provide the Root CA certificate as this should already be present on the endpoints connecting to your Unifi controller. Start with your own SSL certificate and follow the chain up to the Root CA. If you have more than 1 intermedate certificate just add them all. Paste the certificate followed by the intermediate certificate(s). Open a new text file in notepad, or your favorite text editor. If you can open the file with the given password we need to replace the current self-signed certificate with your own certificate.įirst create 1 cer file which holds the certificate and intermediate certificate(s). try to open this file in keystore explorer with the correct password.Restart the controller and there will be a new keystore file generated.Note: You could also choose your own password here Edit /usr/lib/unifi/data/system.properties and add line: =aircontrolenterprise.Rename current keystore file so the controller can’t use it anymore (or just delete it).If you can’t open it with password: aircontrolenterprise then you need to make sure the controller is using this password. Open the current keystore file in “ Keystore Explorer“. The keystore file is located in: /usr/lib/unifi/data (Linux) or %UserProfile%/Ubiquiti Unifi (Windows). The keystore file must have alias: unifi.The keystore file must have password: aircontrolenterprise (can be changed).In this file the whole certificate chain and key file must be included The controller works with a keystore file.But they made it a bit to complex ? Read article.įirst let me explain what kind of certificate the Unifi controller wants to have:
![keystore explorer add private key keystore explorer add private key](https://keystore-explorer.org/images/mac_sign.png)
#Keystore explorer add private key how to#
Ubiquiti has a little article on the site how to add yout own ssl certificate to your Unifi controller. Published by Jeroen Tielen on JJune 4, 2018
![keystore explorer add private key keystore explorer add private key](https://i.stack.imgur.com/6rweX.png)
Ubiquiti Unifi Controller SSL Certificate creation process