Skip to main content

Search

Sign in

Enterprise - Manage Certificates

  • Updated

This section will explain how to download and renew a client certificate via BackOffice.

Enterprise – Manage Certificates

Purpose:  To create / download a new certificate.

Note:
Make sure Java variables are properly configured in Environment Variables -> System variables.

  • Add new variable 'JAVA_HOME' and point it to your JRE directory. e.g. JAVA_HOME = C:\Program Files\Java\jre1.6.0_18
  • Edit variable 'Path' and append '%JAVA_HOME%\bin'.

Procedure:  Mouse over Enterprise and Click on Manage Certificates.

mceclip0.png

On the opened page, click on New Certificate

mceclip1.png

 Click on the New Certificate button, Input all the relevant data and click on the bottom panel once completed.

mceclip2.png

Download the Certificates and Save into your local environment

mceclip3.png 

Perform the following in Keytool: 

Open a new command line window and navigate to the folder where the certificate has been saved.

Run the following command to import issued certificate into the keystore:

keytool -import -trustcacerts -noprompt -alias keyalias -file xxxx-xxx-xxx-xxx.p7b -keystore keystore.jks -storepass passwd

 Note: replace the 'xxxx-xxx-xxx-xxx.p7b' with the actual issued certificate file name.

 Now download the root and intermediate certificates from BackOffice (download links are located at the bottom of “Retrieve Certificate” page).

  • Root certificate: londonium.brittania.dev_iVeri DEV Root CA(11).crt
  • Intermediate certificate: elastic.dev64.brittania.dev_iVeri Dev64 CA 1(7).crt

Then run the following commands to add these two certificates into JRE keystore “cacerts”:

keytool -import -trustcacerts -noprompt -alias keyalias -file londonium.brittania.dev_iVeri DEV Root CA(11).crt -keystore “C:\Program Files\Java\jre1.6.0\lib\security\ cacerts” -storepass changeit
keytool -import -trustcacerts -noprompt -alias keyalias -file elastic.dev64.brittania.dev_iVeri Dev64 CA 1(7).crt -keystore “C:\Program Files\Java\jre1.6.0\lib\security\ cacerts” -storepass changeit

Note: Since the 'cacerts' file is in a different directory, you need to specify the full path to that file. And the default keystore password for cacerts is “changeit” upon installing Java.  

You can always view certificates in the keystore by running the following command:

keytool -list -v -alias keyalias -keystore keystore.jks -storepass passwd

 If you do not specify the alias, the entire keystore will be listed. -v is used for detailed information.

 

Renewing a Certificate

Purpose:  To renew a certificate once it has expired.

Procedure:  Mouse over Enterprise and Manage Certificates

 

mceclip4.png

In the Certificate (Manage Certificates) page locate the certificate that has been issued. The certificates displayed in the grid can be sorted by selecting the column headings.

mceclip5.png

When the issued certificate has been located click on the Renew button for that certificate. The Certificate (Renew Certificate) page will load.

Follow the same process as per Manage Certificates above.

Then do the following in Keytool:

Copy (clone) the original key entry using the following command:

 keytool -keyclone -alias keyalias -dest newalias -keypass passwd -new new_passwd -keystore keystore.jks -storepass passwd

 

Generate a Certificate Signing Request (-certreq) for the cloned entry (use newalias), and import the reply certificate or certificate chain ( -import ).

Delete the original (now obsolete) entry from JRE keystore 'cacerts' with the following command:

 keytool -delete -alias keyalias -keystore keystore,jks -storepass passwd