CSR - Certificate Signing Request
fw - farmerswife
"keytool" is part of any Java installation
"openssl" is part of any fw Server app installation, located in fw Server app installation > lib > openssl
IMPORTANT:
- The steps here should only be used if your certificate provider does NOT have its own CSR process in place!
- First check your CA's own documentation on how to start the certificate creation on the fw Server app's host machine.
- Do NOT use the information below one-to-one! It is example information. Copy what you need into a proper text editing tool on the fw Server app's host machine. Modify each step according to your OWN information.
Generating the private key and creating the CSR manually:
Windows: C:\Program Files\Java\jre_installedversion\bin>keytool.exe -genkey -keyalg RSA -keysize 2048 -dname "cn=farmerswife.example.com, o=Farmers WIFE S.L., c=ES" -alias farmerswife.example.com -keystore keystore -keypass secret123 -storepass secret123 -validity 1095
Mac and Linux: keytool -genkey -keyalg RSA -keysize 2048 -dname "cn=farmerswife.example.com, o=Farmers WIFE S.L., c=ES" -alias farmerswife.example.com -keystore keystore -keypass secret123 -storepass secret123 -validity 1095
Note: validity here means from “today” up-to/including the day the certificate expires.
Now create a CA-request that you will later upload on your certificate provider's website:
Windows: C:\Program Files\Java\jre_installedversion\bin>keytool.exe -certreq -alias farmerswife.example.com -file farmerswife.example.com.txt -keypass secret123 -keystore keystore -storepass secret123
Mac and Linux: keytool -certreq -alias farmerswife.example.com -file farmerswife.example.com.txt -keypass secret123 -keystore keystore -storepass secret123
Once done you will obtain a PEM that you need to rename to server.pem.
This will be the server.pem you will use for the desktop client. Then import it to the keystore:
Windows: C:\Program Files\Java\jre_installedversion\bin>keytool.exe -keystore keystore -importcert -alias farmerswife.example.com -file server.pem -trustcacerts -keypass secret123 -storepass secret123
Mac and Linux: keytool -keystore keystore -importcert -alias farmerswife.example.com -file server.pem -trustcacerts -keypass secret123 -storepass secret123
Now extract the private key as skey.pem to use it for the desktop client:
Windows: C:\Program Files\Java\jre_installedversion\bin>keytool.exe -v -importkeystore -srckeystore keystore -srcalias farmerswife.example.com -destkeystore skey.p12 -deststoretype PKCS12
Mac and Linux: keytool -v -importkeystore -srckeystore keystore -srcalias farmerswife.example.com -destkeystore skey.p12 -deststoretype PKCS12
Then move the file skey.p12 to the following folder to execute the command, converting from a p12 to a .pem to get the "private key" in .pem format:
Windows: C:\Program Files (x86)\farmerswife Server\lib\openssl\openssl.exe pkcs12 -in skey.p12 -nodes -nocerts -out skey.pem
Mac and Linux: openssl pkcs12 -in skey.p12 -nodes -nocerts -out skey.pem
Finally, rename the server.pem and skey.pem that already exist in the folder below to server.pem.old and skey.pem.old. Then move the new server.pem and skey.pem into this folder:
Windows: C:\Program Files (x86)\farmerswife Server\html_templates\http_session\ssl_certs\
Mac and Linux: /path/to/your/farmerswife Server/html_templates/http_session/ssl_certs/
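Before moving the new files into ssl_certs on Mac or Linux, it is worth confirming that skey.pem really is the private key for server.pem and that the certificate has not expired. The script below is an added example, not part of the original farmerswife instructions; the function names and the script name check_pair.sh are hypothetical.

```shell
#!/usr/bin/env bash
# Added example (not from the original article): pre-deployment check that
# server.pem and skey.pem belong together. Function names are hypothetical.

# Public key (PEM) contained in the certificate; empty if it cannot be parsed.
cert_pubkey() { openssl x509 -in "$1" -noout -pubkey 2>/dev/null; }

# Public key (PEM) derived from the private key. The "Bag Attributes" text
# that "openssl pkcs12" writes before the PEM block is ignored by openssl.
key_pubkey() { openssl pkey -in "$1" -pubout 2>/dev/null; }

# check_pair CERT KEY
#   0 = key matches the certificate and the certificate has not expired
#   1 = mismatch or expired
#   2 = a file is missing, empty or cannot be parsed
check_pair() {
    cert="$1"; key="$2"
    if [ ! -s "$cert" ] || [ ! -s "$key" ]; then
        echo "missing or empty file: $cert / $key" >&2; return 2
    fi
    cpub=$(cert_pubkey "$cert") || cpub=""
    kpub=$(key_pubkey "$key") || kpub=""
    # Refuse empty output: two parse failures must never count as a match.
    if [ -z "$cpub" ] || [ -z "$kpub" ]; then
        echo "cannot parse certificate or key" >&2; return 2
    fi
    if [ "$cpub" != "$kpub" ]; then
        echo "MISMATCH: $key is not the private key for $cert" >&2; return 1
    fi
    # -checkend 0 exits non-zero if the certificate has already expired.
    if ! openssl x509 -in "$cert" -noout -checkend 0 >/dev/null 2>&1; then
        echo "certificate $cert has expired" >&2; return 1
    fi
    echo "OK: $cert and $key match"
}

# Usage: ./check_pair.sh server.pem skey.pem
if [ "$#" -eq 2 ]; then
    check_pair "$1" "$2" || exit $?
    # skey.pem was exported with -nodes, so the key is stored unencrypted:
    # restrict it to the owning account.
    chmod 600 "$2"
fi
```

Because the intermediate skey.p12 holds the same private key, delete it or store it securely once skey.pem is in place.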
Optional:
Depending on the certificate you apply for, you may also need to import the CA certificate file from your provider. Do the following before moving the certificates to their places:
Windows: C:\Program Files\Java\jre_installedversion\bin>keytool.exe -import -trustcacerts -keystore keystore -storepass secret123 -alias farmerswife.example.com -file providerCAcert.txt
Mac and Linux: keytool -import -trustcacerts -keystore keystore -storepass secret123 -alias farmerswife.example.com -file providerCAcert.txt