...

  1. Add --debug to the command to expose the full keytool string (the debug output includes the keystore password passed with -storepass): datical-control https generate-signing-request --output /tmp/certificate.csr --debug

    1. Output:

      Code Block
      [centos@dmcserver datical-service]$ datical-control https generate-signing-request --output /tmp/certificate.csr --debug
      
      Executing shell:
      /opt/datical/jre/bin/keytool -certreq -alias datical -keystore /opt/datical/data/datical-service/keystore.p12 -storepass datical -file /tmp/certificate.csr
      Environment: null
      CSR saved to /tmp/certificate.csr
    1. (If you want to use a *.example.com certificate) Re-run the "Executing shell" command returned by the command above, and insert the Common Name you would like the certificate to use in an option called -dname: /opt/datical/jre/bin/keytool -certreq -alias datical -dname "o=example, o=com" -v -keystore /opt/datical/data/datical-service/keystore.p12 -storepass datical -file /tmp/certificate.csr

      1. Output:

        Code Block
        [centos@dmcserver datical-service]$ /opt/datical/jre/bin/keytool -certreq -alias datical -dname "o=liquibase, o=com" -v -keystore /opt/datical/data/datical-service/keystore.p12 -storepass datical -file /tmp/certificate.csr
        
        Certification request stored in file </tmp/certificate.csr>
        Submit this to your CA
    2. (If you want to use a hostname.example.com certificate) Re-run the "Executing shell" command returned by the command above, and insert the Common Name you would like the certificate to use in an option called -dname: /opt/datical/jre/bin/keytool -certreq -alias datical -dname "CN=hostname,o=example, o=com" -v -keystore /opt/datical/data/datical-service/keystore.p12 -storepass datical -file /tmp/certificate.csr

      1. Output:

        Code Block
        [centos@dmcserver datical-service]$ /opt/datical/jre/bin/keytool -certreq -alias datical -dname "cn=dmcserver,o=liquibase, o=com" -v -keystore /opt/datical/data/datical-service/keystore.p12 -storepass datical -file /tmp/certificate.csr
        
        Certification request stored in file </tmp/certificate.csr>
        Submit this to your CA
  2. Check that the new signing request has the desired common name rather than a * with this command: openssl req -in /tmp/certificate.csr -noout -text

    1. Output:

      Code Block
      [centos@dmcserver datical-service]$ openssl req -in /tmp/certificate.csr -noout -text
      
      Certificate Request:
          Data:
              Version: 0 (0x0)
              Subject: O=com, O=liquibase
              Subject Public Key Info:
                  Public Key Algorithm: rsaEncryption
                      Public-Key: (2048 bit)
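
A scripted version of the check in step 2, as an added example that is not part of the original page: the hypothetical helpers classify_csr_subject and check_csr_file read the output of the openssl command above and report whether the Subject carries the expected CN, a wildcard CN, or no CN at all. The sample inputs are constructed from the output shown above, and the parser assumes RDN values contain no commas.

```shell
#!/bin/sh
# Added example (not from the original page). classify_csr_subject and
# check_csr_file are hypothetical helper names.

# Reads `openssl req -noout -text` output on stdin and compares the Subject CN
# with the expected name in $1. Prints match, missing-cn, wildcard:<cn>,
# mismatch:<cn> or no-subject; returns 0 only on match.
# Assumption: RDN values contain no commas.
classify_csr_subject() {
    _want=$1
    # "Subject Public Key Info:" is skipped: the colon must follow "Subject".
    _subject=$(sed -n 's/^[[:space:]]*Subject:[[:space:]]*//p' | head -n 1)
    if [ -z "$_subject" ]; then echo "no-subject"; return 1; fi
    # Accept both "CN=x" and "CN = x" (newer OpenSSL prints spaces around "=").
    _cn=$(printf '%s\n' "$_subject" | tr ',' '\n' |
        sed -n 's/^[[:space:]]*[Cc][Nn][[:space:]]*=[[:space:]]*\(.*[^[:space:]]\)[[:space:]]*$/\1/p' |
        head -n 1)
    case "$_cn" in
        "")       echo "missing-cn"; return 1 ;;
        "$_want") echo "match"; return 0 ;;
        \**)      echo "wildcard:$_cn"; return 1 ;;
        *)        echo "mismatch:$_cn"; return 1 ;;
    esac
}

# Runs the page's openssl command on a CSR file and classifies the result.
check_csr_file() {
    openssl req -in "$1" -noout -text | classify_csr_subject "$2"
}

# Constructed samples: the Subject line from the output above, and a
# constructed variant that carries a CN.
sample_no_cn='        Subject: O=com, O=liquibase
        Subject Public Key Info:'
sample_cn='        Subject: O=com, O=liquibase, CN=dmcserver'

printf '%s\n' "$sample_no_cn" | classify_csr_subject dmcserver || true  # missing-cn
printf '%s\n' "$sample_cn"    | classify_csr_subject dmcserver || true  # match
```

On the server itself, `check_csr_file /tmp/certificate.csr dmcserver` runs the same check against the generated request and returns non-zero unless the CN matches.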
      

...