Some technologies require a certificate to connect to the server, for example when working with HTTPS, SSH, SFTP, FTPS, SMTP servers, etc.

Java must have these certificates in its truststore before the Stambia DI Runtime can connect.

Getting the certificate

You will need a certificate file (the extension is usually .crt). Obtaining it is done outside of Stambia DI.

The server administrator can generally provide this certificate.

Other ways to get the certificate are:

  • HTTPS servers: point a web browser to the URL and export the certificate (search "how to export certificate using your_browser_name")
  • Using openssl command line
    > openssl s_client -connect <host>:<port> 
    CONNECTED(000001B0)
    [...]
    Server certificate
    -----BEGIN CERTIFICATE-----
    [...]
    -----END CERTIFICATE-----
    [...]

  • Copy the lines between "-----BEGIN CERTIFICATE-----" and "-----END CERTIFICATE-----", including these two marker lines
  • Save these lines to a temporary "certificate.crt" file

Importing the certificate into your Java installation

This is usually done with the keytool utility, included in your Java distribution.

Example 1: adding the certificate to the default truststore

<JAVA_HOME>/bin/keytool -import -alias <server_name> -keystore <JAVA_HOME>/jre/lib/security/cacerts -file certificate.crt

 

Example 2: creating a specific truststore

<JAVA_HOME>/bin/keytool -import -alias alias01 -file D:\data\certificate.crt -keystore d:\data\myKeyStore.jks
Enter new keyfile password :
Re-enter new password :
Owner : C=FR
Issuer : C=FR
Serial Number : 0
Valid from: Thu Sep 25 18:01:13 PDT 1997 until: Wed Dec 24 17:01:13 PDT 1997
Certificate Fingerprints:
         MD5:  C0:5B:B9:6F:63:1B:5E:70:4C:E3:A1:C6:0F:2B:58:68
         SHA1 : F8:44:F1:BC:9B:19:8A:FA:8A:58:D4:7C:AC:D3:16:B8:92:79:66:78
         SHA256 : F2:9D:89:02:55:4C:F5:77:E5:13:C7:5F:06:CF:0B:2C:F1:C6:04:4B:D5:1F:E4:E6:FD:9B:98:A1:F0:A3:F4:C7
Trust this certificate? [no] :  yes
Certificate added to keystore

 

Please consult your Java distribution's documentation for further details.
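
The openssl and keytool steps above combined into one script, with a fingerprint check added before the import: a certificate pulled off the network with s_client is only as trustworthy as the connection it came over, so the script refuses to import unless the SHA-256 fingerprint matches one obtained separately from the server administrator. This is an added example, not part of the original article; the host, port, alias, file names and expected fingerprint are assumptions supplied by the operator.

```shell
#!/bin/sh
# Added example (not from the original article). Host, port, alias, file names
# and the expected fingerprint are assumptions supplied by the operator.

# Print the first PEM block on stdin (the server's own certificate in
# `openssl s_client` output), marker lines included. Leading whitespace and
# CRs are stripped so text pasted from a web page or a Windows console works.
extract_pem() {
    awk '{ sub(/^[ \t]+/, ""); sub(/\r$/, "") }
         /^-----BEGIN CERTIFICATE-----/ { in_cert = 1 }
         in_cert { print }
         in_cert && /^-----END CERTIFICATE-----/ { exit }'
}

# Reduce a fingerprint to bare upper-case hex: drops an openssl-style
# "... Fingerprint=" label, colons, spaces and line ends.
normalise_fp() {
    printf '%s\n' "$1" | sed 's/^.*=//' | tr -d ': \r\n' | tr 'abcdef' 'ABCDEF'
}

# Succeed only when both fingerprints are non-empty and equal after normalising.
fingerprints_match() {
    [ -n "$(normalise_fp "$1")" ] && [ "$(normalise_fp "$1")" = "$(normalise_fp "$2")" ]
}

# usage: main <host> <port> <sha256-fingerprint-from-the-server-admin> [truststore]
main() {
    host=$1; port=$2; expected_fp=$3; store=${4:-myKeyStore.jks}
    openssl s_client -connect "$host:$port" -servername "$host" </dev/null 2>/dev/null |
        extract_pem > certificate.crt
    actual_fp=$(openssl x509 -in certificate.crt -noout -fingerprint -sha256) || return 1
    if ! fingerprints_match "$actual_fp" "$expected_fp"; then
        echo "fingerprint mismatch, certificate NOT imported: $actual_fp" >&2
        return 1
    fi
    # keytool prompts for the truststore password and for confirmation, as in
    # the article's transcript (-importcert is the current name of -import).
    keytool -importcert -alias "$host" -file certificate.crt -keystore "$store" || return 1
    keytool -list -v -alias "$host" -keystore "$store"
}

if [ "$#" -ge 3 ]; then main "$@"; fi
```

The fingerprint keytool prints at the "Trust this certificate?" prompt should show the same SHA256 value the script compared.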

Making sure that Stambia DI uses the certificate

When the certificate is installed in the default truststore of the Java installation, then Stambia DI will automatically use it.

When the certificate is installed in a specific location, you can specify the truststore on the Action by adding the following properties:

KEY_STORE: d:\data\myKeyStore.jks
KEY_STORE_TYPE: JKS
KEY_STORE_PASSWORD: <encrypted password>

Note: the password can be encrypted using the Runtime's encrypt <password> command.

 
