Creating a keystore for Sametime mux: third-party CA
About this task
Two scenarios are described in this topic.
- Scenario 1: A single certificate and private key are issued from the CA.
  - Run the command to create the keystore.
    openssl pkcs12 -export -in server.crt -inkey server.key -name 'mux' -out keystore.p12
    The sample command makes use of the following naming conventions.
    server.crt: Signed certificate filename
    server.key: Private key filename
    'mux': Alias name (how it appears in the keystore)
    keystore.p12: The resulting keystore file name
- Scenario 2: A chained certificate that consists of multiple certificate files is provided, along with the private key.
  - Use cat to combine the certificates into a single file (cert-chain.txt), which is used in the command. These certificates must be combined in this order: server, intermediate, CA root.
    cat signed.crt intermediate.crt root_CA.crt > cert-chain.txt
    In the above example, the server's signed cert is signed.crt, the intermediate certificate is intermediate.crt, and the root CA certificate is root_CA.crt.
  - Run the command to create the keystore.
    openssl pkcs12 -export -in cert-chain.txt -inkey server.key -name 'mux' -out keystore.p12
    The sample command makes use of the following naming conventions.
    cert-chain.txt: File created from step 1 containing chained cert
    server.key: Private key filename
    'mux': Alias name
    keystore.p12: The resulting keystore file name
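A pre-flight check for the Scenario 2 procedure, as an added example that is not part of the original documentation: it confirms that the private key belongs to the first certificate and that cert-chain.txt is in server, intermediate, CA root order before the keystore is built. The function names and the KEYSTORE_PASS environment variable are assumptions of this sketch, and the order check compares issuer and subject names only, without verifying signatures.

```bash
#!/usr/bin/env bash
# Added example: pre-flight checks before `openssl pkcs12 -export`.
# Function names and the KEYSTORE_PASS variable are assumptions of this sketch.

# key_matches_cert KEY CERT: true if KEY's public half equals the public key
# in the first certificate of CERT (a single cert or a cert-chain.txt).
key_matches_cert() {
    local k c
    k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# chain_in_order FILE: true if every certificate's issuer name equals the
# subject name of the certificate after it (server, intermediate, CA root).
# This compares names only; it does not verify signatures.
chain_in_order() {
    local dir i prev subj rc
    dir=$(mktemp -d) || return 1
    # Split the concatenated PEM file into 1.pem, 2.pem, ... in file order.
    awk -v d="$dir" '/-----BEGIN CERTIFICATE-----/{n++} n{print > (d "/" n ".pem")}' "$1"
    i=1; prev=""; rc=0
    while [ -f "$dir/$i.pem" ]; do
        subj=$(openssl x509 -in "$dir/$i.pem" -noout -subject -nameopt RFC2253 2>/dev/null | sed 's/^subject=//')
        # Fail on an unreadable certificate or on a break in the name chain.
        if [ -z "$subj" ] || { [ "$i" -gt 1 ] && [ "$subj" != "$prev" ]; }; then rc=1; break; fi
        prev=$(openssl x509 -in "$dir/$i.pem" -noout -issuer -nameopt RFC2253 | sed 's/^issuer=//')
        i=$((i + 1))
    done
    [ "$i" -gt 1 ] || rc=1   # no certificate found at all
    rm -rf "$dir"
    return "$rc"
}

# build_keystore CHAIN KEY OUT: run the checks, then create the keystore with
# the alias used on this page. The export password comes from $KEYSTORE_PASS.
build_keystore() {
    key_matches_cert "$2" "$1" || { echo "private key does not match the first certificate" >&2; return 1; }
    chain_in_order "$1" || { echo "chain is not in server, intermediate, CA root order" >&2; return 1; }
    openssl pkcs12 -export -in "$1" -inkey "$2" -name 'mux' -out "$3" -passout env:KEYSTORE_PASS
}
```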
What to do next
After the keystore is created, do the following:
- Move the .KEY, .CRT, and .PEM files to a secure location and remove them from the machine.
- Record the keystore password, which is used in another step.