https://support.eset.com/kb6243
Issue
- Create custom certificates or certification authorities (CAs) for ESET Remote Administrator (ERA).
Solution
Prerequisites
- Verify Java is installed. Keytool, included in Java, allows you to create and store certificates.
Solution
Enter the commands shown below to create a new certificate:
-
Open a Command Prompt as the administrator (or root on Linux systems) and navigate to the folder where
keytool
is located:C:\Program Files (x86)\Java\jre1.8.0_40\bin
(The directory depends on the OS and JRE version.)
- Generate a key pair (a public key and associated private key) which will be used as the Certification Authority (CA):
Linux
keytool -genkeypair -v -alias aliasName -keystore keystore.jks -keyalg RSA -keysize 2048 -ext KeyUsage:critical="keyCertSign" -ext BasicConstraints:critical="ca:true" -validity 3650
Windows
keytool -genkeypair -v -alias "aliasName"-keystore keystore.jks -keyalg RSA -keysize 2048 -ext KeyUsage:critical="keyCertSign" -ext BasicConstraints:critical="ca:true" -validity 3650
- Export the CA from the keystore:
Linux
keytool -exportcert -alias "aliasName" -file aliasName.der -keystore keystore.jks
Windows
keytool -export -alias "aliasName" -file aliasName.der -keystore keystore.jks
-
Generate a key pair for the certificate:
Linuxkeytool -genkeypair -v -alias "aliasName" -keytore keystore.jks -keyalg RSA -keysize 2048 -storepass "yourPassword" -keypass "yourPassword"
Windows
keytool -genkeypair -v -alias "aliasName" -keytore keystore.jks -keyalg RSA -keysize 2048 -storepass "yourPassword" -keypass "yourPassword"
-
Create a certificate request (
.csr
file) for the certificate:
Linux
keytool -certreq -keystore keystore.jks -storepass "yourPassword" -alias "aliasName" -file file.csr
Windows
keytool -certreq -keystore keystore.jks -storepass "yourPassword" -alias "aliasName" -file file.csr
-
Create a certificate with the certificate request:
Linux
keytool -gencert -keystore keystore.jks -storepass "yourPassword" -alias "aliasName" -infile file.csr -outfile output.cer
Windows
keytool -gencert -keystore keystore.jks -storepass "yourPassword" -alias "aliasName" -infile file.csr -outfile output.cer
-
Create a
.pfx
file fromkeystore.jks
:
Linuxkeytool -importkeystore -v -srcalias aliasName -srckeystore keystore.jks -srcstorepass yourPassword -srcstoretype JKS -destkeystore aliasName.pfx -destkeypass yourPassword -deststorepass yourPassword -deststoretype PKCS12 -destalias aliasName
Windows
keytool -importkeystore -v -srcalias "aliasName" -srckeystore keystore.jks -srcstorepass yourPassword -srcstoretype JKS -destkeystore aliasName.pfx -destkeypass yourPassword -deststorepass yourPassword -deststoretype PKCS12 -destalias "aliasName"
For more information about keytool, visit the Oracle webpage.
Reactie toevoegen
Log in of registreer om een reactie te plaatsen.