Using OpenSSL to Create a Certificate Keystore for Tomcat
Step 1: Creating a Public Certificate for Your Jamf Pro Server
To create and configure a public certificate for your Jamf Pro server using OpenSSL, follow the appropriate set of instructions below.
Note: All commands in this procedure must be executed as root. On Linux, type sudo before each command. On Windows, you must execute the commands as administrator.
Creating the Certificate Using OpenSSL
Open the command prompt or Terminal.
Create a folder on your desktop named Certs and navigate to the directory using the following commands:
mkdir /path/to/Desktop/Certs
cd /path/to/Desktop/Certs
Generate a Private Key and CSR by executing a command similar to the following:
openssl req -out CSR.csr -new -newkey rsa:2048 -nodes -keyout privateKey.key
When prompted, enter the appropriate information.
The certificate authority (CA) administrator should be able to provide the desired values for these fields. Ensure that you use a fully qualified domain name (FQDN), such as jamf.mycompany.com. Gotcha! If your server has multiple hostnames, I have learned to use the FQDN in the cert that you intend on using for access… in other words the friendlier – useable FQDN, not necessarily the stale, boring server name…
Note: These values will also be used to generate a self-signed certificate in the new private key. Using a self-signed certificate may result in the “Safari/Firefox can’t verify the identity of the website” message unless the client machines have been advised to trust this self-signed certificate. If using a self-signed certificate, proceed to step 6.
Send the CSR you just created to a valid CA (public or internal).
You should receive a .crt, .cer, or .pem file in return. See your CA vendor’s documentation for more information.
openssl cer to p12 conversion
openssl x509 -in RETURNED_Base64combined.cer -out RETURNED_Base64combined.pem
openssl pkcs12 -export -out RETURNED_Base64combined.p12 -inkey privateKey.key -in RETURNED_Base64combined.pem
PROMPTED - Enter Export Password:
Verifying - Enter Export Password:
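Before running the pkcs12 export, it is worth confirming that the certificate the CA returned was issued for privateKey.key. The following is an added example, not part of the original procedure; the function names, the P12_PASS variable and the self-signed stand-in certificate are assumptions made for illustration:

```shell
#!/bin/sh
# Added example: confirm the CA-returned certificate belongs to privateKey.key
# before exporting the PKCS#12 file. Function names are hypothetical.
umask 077   # -nodes leaves the key unencrypted; keep new files owner-only

# Succeeds only if the certificate's public key equals the key's public half.
cert_matches_key() {  # usage: cert_matches_key CERT.pem KEY.key
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
    [ "$cert_pub" = "$key_pub" ]
}

# Export the PKCS#12 only after the match check. The export password is
# read from the P12_PASS environment variable so it does not appear in argv.
build_p12() {  # usage: build_p12 CERT.pem KEY.key OUT.p12
    cert_matches_key "$1" "$2" || { echo "certificate/key mismatch: $1 $2" >&2; return 1; }
    openssl pkcs12 -export -out "$3" -inkey "$2" -in "$1" -passout env:P12_PASS
}

# Constructed sample input: a throwaway key and CSR made with the page's
# command (-subj replaces the interactive prompts), then self-signed as a
# stand-in for the certificate a CA would return.
make_demo_inputs() {  # usage: make_demo_inputs DIR
    openssl req -out "$1/CSR.csr" -new -newkey rsa:2048 -nodes \
        -keyout "$1/privateKey.key" -subj "/CN=jamf.mycompany.com" 2>/dev/null &&
    openssl x509 -req -in "$1/CSR.csr" -signkey "$1/privateKey.key" \
        -days 1 -out "$1/returned.pem" 2>/dev/null
}
```

Export P12_PASS in the calling shell before build_p12 runs; it returns a non-zero status and writes no .p12 file when the certificate and key do not match.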