You’ll likely be prompted for the password.

-- Sean Roberts

From: "Ravikumar, Praveen Krishnamoorthy" <[email protected]>
Reply-To: "[email protected]" <[email protected]>
Date: Friday, 24 August 2018 at 15:30
To: "[email protected]" <[email protected]>
Subject: Re: Need help in importing .pem(CA certificate) to knox

Hey Sean,

Thank you so much for sharing. This is really helpful. I have a certificate file which is in .pem format and a password for the certificate file (I dunno where I should use this). Is there anywhere I should use the password for the certificate file in the below commands?

Thanks,
Praveen.

Sent from my iPhone

On Aug 24, 2018, at 2:00 AM, Sean Roberts <[email protected]> wrote:

Praveen – I find the easiest way is to convert to pkcs12 (aka .pfx or .pfx) and then jks. (Note: JKS is an old and proprietary format. Knox really should switch to pkcs12. Keytool will tell you that.)

Can you list the files you have for your certificate(s) and key? There are many ways to use a .pem so there is no one command to use.

1. If everything (cert, cacert, private key) is in the .pem:

```
openssl pkcs12 -export -in server.pem -out server.p12
```

2. If they are all separate:

```
openssl pkcs12 -export -in server.cer -inkey server.key -certfile cacert.pem -out server.p12
```

Then convert p12 to pfx (replacing ${pw} with your knox master key).

```
sudo -u knox -i
cd /usr/hdp/current/knox-server/data/security/keystores/
keytool -importkeystore \
    -srckeystore server.p12 -srcstoretype pkcs12 -srcalias 1 \
    -destkeystore gateway.jks -deststoretype jks -destalias gateway-identity \
    -deststorepass "${pw}" -destkeypass "${pw}"
/usr/hdp/current/knox-server/bin/knoxcli.sh create-alias gateway-identity-passphrase --value "${pw}"
```

-- Sean Roberts

From: "Ravikumar, Praveen Krishnamoorthy" <[email protected]>
Reply-To: "[email protected]" <[email protected]>
Date: Friday, 24 August 2018 at 04:53
To: "[email protected]" <[email protected]>
Subject: Need help in importing .pem(CA certificate) to knox

Greetings,

I need help in importing a CA-signed certificate in Knox. I have a certificate in .pem file format registered for a domain name. The Knox documentation had the steps to import a .cert file but not for the .pem file format. Could anyone please let me know the steps to import the .pem file certificate in Apache Knox?

Thanks,
Praveen.
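
The thread notes that a .pem can hold different things, so no single export command fits. As an added example (not part of the original thread), this script reads the PEM block headers to report how many certificates a file holds and whether its private key is passphrase-protected, then prints which of the two `openssl pkcs12 -export` forms from the thread applies. The function names `classify_pem` and `suggest_export` are hypothetical, the sample files are constructed placeholders, and `server.key` / `cacert.pem` are the thread's own file names.

```shell
#!/bin/sh
# Added example: classify a .pem by its block headers before choosing an export command.

# Prints "certs=<n> key=<none|plain|encrypted>" for the given file.
classify_pem() {
    certs=$(grep -c -e '-----BEGIN CERTIFICATE-----' "$1" || true)
    key=none
    if grep -q -e '-----BEGIN ENCRYPTED PRIVATE KEY-----' "$1"; then
        key=encrypted    # PKCS#8 key protected by a passphrase
    elif grep -q -e '-----BEGIN [A-Z ]*PRIVATE KEY-----' "$1"; then
        key=plain
        # Traditional RSA/EC keys flag encryption in a Proc-Type header.
        if grep -q '^Proc-Type: 4,ENCRYPTED' "$1"; then key=encrypted; fi
    fi
    echo "certs=$certs key=$key"
}

# Prints which of the two export commands from the thread fits the file.
# server.key and cacert.pem are the thread's file names, used as placeholders.
suggest_export() {
    case "$(classify_pem "$1")" in
        certs=0*)  echo "no certificate found in $1" ;;
        *key=none) echo "openssl pkcs12 -export -in $1 -inkey server.key -certfile cacert.pem -out server.p12" ;;
        *)         echo "openssl pkcs12 -export -in $1 -out server.p12" ;;
    esac
}

# Constructed sample files (bodies are placeholders, not real key material).
tmp=$(mktemp -d)
printf '%s\n' '-----BEGIN ENCRYPTED PRIVATE KEY-----' 'AAAA' \
    '-----END ENCRYPTED PRIVATE KEY-----' \
    '-----BEGIN CERTIFICATE-----' 'AAAA' '-----END CERTIFICATE-----' \
    '-----BEGIN CERTIFICATE-----' 'AAAA' '-----END CERTIFICATE-----' \
    > "$tmp/combined.pem"
printf '%s\n' '-----BEGIN CERTIFICATE-----' 'AAAA' '-----END CERTIFICATE-----' \
    > "$tmp/certonly.pem"
printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'Proc-Type: 4,ENCRYPTED' \
    'DEK-Info: AES-256-CBC,00' '' 'AAAA' '-----END RSA PRIVATE KEY-----' \
    > "$tmp/legacy.key"

for f in "$tmp"/*; do
    echo "$(basename "$f"): $(classify_pem "$f")"
    suggest_export "$f"
done
```

When the result is `key=encrypted`, `openssl pkcs12 -export` asks for the key's pass phrase first and then for the export password of the new .p12 file.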
