Convert your own PEM or PKCS#12 certificate to use it on HDMS

Now HDMS uses Java KeyStore (extension is .jks) format certificate, thus you may need to convert your certificate to Java KeyStore format to use it.

To do this, we need two tools:

  1. openssl

  2. keytool

Generally, your CentOS system will have these two tools, but if it doesn't and you have no idea how to install these two tools, please contact us.

In the next section, we will introduce how to convert PEM file to PKCS#12 and finally to Java KeyStore file.

Step 1. From PEM (pem, cer, crt) to PKCS#12 (p12, pfx)

[root@localhost Desktop]# openssl pkcs12 -export -in certificate.crt -inkey privatekey.key -out hdms.p12 -name "hdms" Enter Export Password: Verifying - Enter Export Password:

Enter your export password, like test1234.

Step 2. From PKCS#12 (p12, pfx) to Java KeyStore (.jks)

Follow the step 1, we now have PKCS#12 format file hdms.p12, and the password for it is test1234.

[root@localhost Desktop]# keytool -importkeystore -srckeystore hdms.p12 -srcstorepass test1234 -destkeystore hdms.keystore -deststoretype pkcs12 -deststorepass test1234 Entry for alias hdms successfully imported. Import command completed: 1 entries successfully imported, 0 entries failed or cancelled

In the command, we set srcstorepass which is the export password test1234. And you need to specify the deststorepass, in this, we use the same password as an example.

But if you want to set a password for Java KeyStore file different from the srcstorepass, you need to specify the destkeypass, and it should be equal to the deststorepass.

[root@localhost Desktop]# keytool -importkeystore -srckeystore hdms.p12 -srcstorepass test1234 -destkeystore hdms.keystore -deststoretype pkcs12 -deststorepass hdms1234 -destkeypass hdms1234 Entry for alias hdms successfully imported. Import command completed: 1 entries successfully imported, 0 entries failed or cancelled

Step 3. Replace the original certificate settings in server.xml

In the server.xml, you need to replace the original path in the setting keystoreFile to the new keystore file path.

And you also need to modify the keystorePass setting in it.

Step 4. Restart HDMS service

Firstly, enter the HDMS folder, there are two scripts shutdown.sh and startup.sh in the root folder of HDMS.

Then, shutdown the service.

At last, start the service again.

 

That's all, thanks for reading.