Wednesday, February 3, 2016

vCD8-SP: Wildcard certificate

I have a wildcard.pfx certificate which I need to use in my vCD instance. Here are the steps to convert the certificate and import it into vCD:

  1. Convert the pfx to pem:
    1. openssl pkcs12 -in certificate.pfx -out certificate.cer -nodes
  2. Extract the private key from certificate.cer.
    1. Copy from -----BEGIN PRIVATE KEY-----
    2. to the end of -----END PRIVATE KEY-----
    3. Create a new file called certificate.key and paste the copied block into it
  3. Recreate pfx and set alias for http
    1. openssl pkcs12 -export -in certificate.cer -inkey certificate.key -name http -passout pass:yourpassword -out http.pfx
  4. Recreate pfx and set alias for consoleproxy
    1. openssl pkcs12 -export -in certificate.cer -inkey certificate.key -name consoleproxy -passout pass:yourpassword -out consoleproxy.pfx
  5. Import the 2 PKCS12 keystores into a Java keystore using keytool
    1. ./keytool -importkeystore -srckeystore http.pfx -srcstoretype PKCS12 -destkeystore certificate.ks -deststoretype JCEKS -deststorepass yourpassword -srcalias http -destalias http -srcstorepass yourpassword
    2. ./keytool -importkeystore -srckeystore consoleproxy.pfx -srcstoretype PKCS12 -destkeystore certificate.ks -deststoretype JCEKS -deststorepass yourpassword -srcalias consoleproxy -destalias consoleproxy -srcstorepass yourpassword
  6. Now import the root and intermediate certificates (if any) to the same keystore
    1. ./keytool -importcert -alias root -file GeoTrust_Global_CA.cer -storetype JCEKS -keystore certificate.ks -storepass yourpassword
    2. ./keytool -importcert -alias intermediate -file RapidSSL.cer -storetype JCEKS -keystore certificate.ks -storepass yourpassword
To replace it, you can read my previous blog post.
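
The OpenSSL half of the procedure (steps 1 to 4) as an added script, not from the original post: it extracts the key with openssl instead of copy and paste, checks that the key belongs to the certificate, and confirms each rebuilt PFX carries the alias keytool will look for. The *.example.test certificate is constructed sample input, the function names are hypothetical, and unlike step 1 it writes certificate.cer without the private key inside.

```shell
# Steps 1-4 of the post using openssl only, plus two verification checks.
PASS=yourpassword   # placeholder password, as in the post

# Constructed input: a throwaway self-signed wildcard PFX in directory $1.
make_sample_pfx() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=*.example.test" \
        -keyout "$1/sample.key" -out "$1/sample.crt" 2>/dev/null &&
    openssl pkcs12 -export -in "$1/sample.crt" -inkey "$1/sample.key" \
        -passout "pass:$PASS" -out "$1/certificate.pfx"
}

# Steps 1-2: certificates and the unencrypted key go to separate files.
# umask 077 keeps the plaintext key unreadable to other local users.
split_pfx() {
    ( umask 077
      openssl pkcs12 -in "$1/certificate.pfx" -passin "pass:$PASS" \
          -nokeys -out "$1/certificate.cer" 2>/dev/null &&
      openssl pkcs12 -in "$1/certificate.pfx" -passin "pass:$PASS" \
          -nocerts -nodes -out "$1/certificate.key" 2>/dev/null )
}

# Succeeds only if key $2 has the same public key as certificate $1.
key_matches_cert() {
    c=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null)
    k=$(openssl pkey -in "$2" -pubout 2>/dev/null)
    [ -n "$c" ] && [ "$c" = "$k" ]
}

# Steps 3-4: rebuild a PFX in directory $1 whose entry carries alias $2.
rebuild_with_alias() {
    openssl pkcs12 -export -in "$1/certificate.cer" -inkey "$1/certificate.key" \
        -name "$2" -passout "pass:$PASS" -out "$1/$2.pfx"
}

# Print the friendlyName (the alias keytool imports) stored in PFX $1.
pfx_alias() {
    openssl pkcs12 -in "$1" -passin "pass:$PASS" -nokeys 2>/dev/null |
        sed -n 's/^ *friendlyName: //p' | head -n 1
}

run_demo() {
    d=$(mktemp -d) && make_sample_pfx "$d" && split_pfx "$d" &&
        key_matches_cert "$d/certificate.cer" "$d/certificate.key" &&
        rebuild_with_alias "$d" http && rebuild_with_alias "$d" consoleproxy &&
        [ "$(pfx_alias "$d/http.pfx")/$(pfx_alias "$d/consoleproxy.pfx")" = "http/consoleproxy" ]
    rc=$?; rm -rf "$d"; return $rc   # always remove the plaintext key
}
run_demo && echo "key matches certificate; aliases verified"
```

After the keytool imports in step 5, delete certificate.key and certificate.cer if the latter was produced as in step 1, since both hold the private key unencrypted.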