Formatting code for Certificate
{{parent page="Security"}}
[[JavaKeystoreCert JavaKeystoreCert]]
==Concerting PEM to PKCS12 (pfx)==
This REALLY sucks - someone obtained a x509 certificate with the sole intention to use it on IBM HTTPServer, which is a total disaster. God knows how IBM transformed the trouble-free Apache into this monster. My advice, even if you're stuck with WebSphere, use the real Apache as the front-end web server.
%%
openssl pkcs12 -export -in x509_cert_file -name cert_alias -inkey private_key -certfile ca_cert -caname ca_name -out pkcs12_file.p12
%%
If you need to transform PEM formatted certificate into DER encoding, so it can be read by the fucked up IBM Key Manager
%%
openssl -in pem_cert -out der_cert -inform pem -outform der
%%
==Matching private key and certificate==
Match the modulus
%%
openssl rsa -noout -in server.key -modulus
openssl x509 -noout -in server.crt -modulus
%%
==Verify CA==
%%
openssl verify -CAfile ca_file certificate_file
%%
[[JavaKeystoreCert JavaKeystoreCert]]
==Concerting PEM to PKCS12 (pfx)==
This REALLY sucks - someone obtained a x509 certificate with the sole intention to use it on IBM HTTPServer, which is a total disaster. God knows how IBM transformed the trouble-free Apache into this monster. My advice, even if you're stuck with WebSphere, use the real Apache as the front-end web server.
%%
openssl pkcs12 -export -in x509_cert_file -name cert_alias -inkey private_key -certfile ca_cert -caname ca_name -out pkcs12_file.p12
%%
If you need to transform PEM formatted certificate into DER encoding, so it can be read by the fucked up IBM Key Manager
%%
openssl -in pem_cert -out der_cert -inform pem -outform der
%%
==Matching private key and certificate==
Match the modulus
%%
openssl rsa -noout -in server.key -modulus
openssl x509 -noout -in server.crt -modulus
%%
==Verify CA==
%%
openssl verify -CAfile ca_file certificate_file
%%
