Versions Compared

Old Version 35

changes.mady.by.user John McKeever

Saved on

compared with

New Version 36

changes.mady.by.user John McKeever

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Code Block
languagebash
keytool -genkey -keyalg RSA -alias workbench -keystore <path-to-keystore> 
        -storepass <store-password> -storetype PKCS12 -keysize 2048 
        -sigalg SHA256withRSA -dname "CN=<host url>"
        -ext san=dns:engine.yourdomain.com
         -validity <days-valid>

Please replace the <placeholder-values> in this command based on the following descriptions:

Placeholder

Description

Example Value

path-to-keystore

Full qualified path of the key store to be created

/opt/dm/mci/workbench.p12 (Unix)

C:\dm\mci\workbench.p12 (Windows)

store-password

Password required when reading or writing to the newly created key store

Choose a random password string.

Note that the key stores supplied with Java have a default password of changeit.

host-url

The domain name of the URL that will be used to access Workbench in your browser. This does not include the protocol or port numbers. For example, dev-engine.datamigrators.com

your-engine.yourdomain.com

(no port number)

days-valid

The number of days for which the key should remain valid

Note that the key stores supplied with Java have a default validity of 180 days.

For example, this command creates a keystore called workbench.p12 in the MettleCI home directory for use with workbench currently accessed at URL http://my-engine.datamigrators.com:8080:

Expand
titleWindows
Code Block
languagebash
keytool -genkey -keyalg RSA -alias workbench -keystore C:\dm\mci\workbench.p12
-storepass changeit -storetype PKCS12 -keysize 2048
-sigalg SHA256withRSA -dname "CN=engine.datamigrators.com"
-ext san=dns:engine.datamigrators.com
-validity 365

You can verify your keystore by listing the certificates within it. You’ll need to re-enter your keystore password, which is 'changeit' (no quotes) in our example.

Code Block
keytool -list -v -keystore C:\dm\mci\workbench.p12 -storetype PKCS12
Enter keystore password: ********

If you need to export your certificate for signing you can use a command like the following:

Code Block
keytool -certreq -keyalg RSA -alias workbench -keystore C:\dm\mci\workbench.p12
-storepass changeit -sigalg SHA256withRSA -file C:\dm\mci\workbench.csr
Expand
titleUnix
Code Block
languagebash
keytool -genkey -keyalg RSA -alias workbench -keystore /opt/dm/mci/workbench.p12 \
-storepass changeit -storetype PKCS12 -keysize 2048 \
-sigalg SHA256withRSA -dname "CN=engine.datamigrators.com" \
-ext san=dns:engine.datamigrators.com
-validity 365

Ensure that your keystore has at least 644 (rw-r--r--) privileges.

Ensure that your keystore is owned by mciworkb:dstage.

You can verify your keystore by listing the certificates within it. You’ll need to re-enter your keystore password, which is 'changeit' (no quotes) in our example above.

Code Block
languagebash
keytool -list -v -keystore /opt/dm/mci/workbench.p12 -storetype PKCS12
Enter keystore password: ********

If you need to export your certificate for signing you can use a command like the following:

Code Block
keytool -certreq -keyalg RSA -alias workbench -keystore /opt/dm/mci/workbench.p12 -storepass changeit \
-sigalg SHA256withRSA -file /opt/dm/mci/workbench.csr

...