Convert your own PEM or PKCS#12 certificate to use it on HDMS
Now HDMS uses Java KeyStore (extension is .jks) format certificate, thus you may need to convert your certificate to Java KeyStore format to use it.
To do this, we need two tools:
openssl
keytool
Generally, your CentOS system will have these two tools, but if it doesn't and you have no idea how to install these two tools, please contact us.
In the next section, we will introduce how to convert PEM file to PKCS#12 and finally to Java KeyStore file.
Step 1. From PEM (pem, cer, crt) to PKCS#12 (p12, pfx)
[root@localhost Desktop]# openssl pkcs12 -export -in certificate.crt -inkey privatekey.key -out hdms.p12 -name "hdms"
Enter Export Password:
Verifying - Enter Export Password:
Enter your export password, like test1234
.
Step 2. From PKCS#12 (p12, pfx) to Java KeyStore (.jks)
Follow the step 1, we now have PKCS#12 format file hdms.p12
, and the password for it is test1234
.
[root@localhost Desktop]# keytool -importkeystore -srckeystore hdms.p12 -srcstorepass test1234 -destkeystore hdms.keystore -deststoretype pkcs12 -deststorepass test1234
Entry for alias hdms successfully imported.
Import command completed: 1 entries successfully imported, 0 entries failed or cancelled
In the command, we set srcstorepass
which is the export password test1234
. And you need to specify the deststorepass
, in this, we use the same password as an example.
But if you want to set a password for Java KeyStore file different from the srcstorepass
, you need to specify the destkeypass
, and it should be equal to the deststorepass
.
[root@localhost Desktop]# keytool -importkeystore -srckeystore hdms.p12 -srcstorepass test1234 -destkeystore hdms.keystore -deststoretype pkcs12 -deststorepass hdms1234 -destkeypass hdms1234
Entry for alias hdms successfully imported.
Import command completed: 1 entries successfully imported, 0 entries failed or cancelled
Step 3. Replace the original certificate settings in server.xml
In the server.xml, you need to replace the original path in the setting keystoreFile
to the new keystore file path.
And you also need to modify the keystorePass
setting in it.
Step 4. Restart HDMS service
Firstly, enter the HDMS folder, there are two scripts shutdown.sh
and startup.sh
in the root folder of HDMS.
Then, shutdown the service.
At last, start the service again.
Â
That's all, thanks for reading.