Versions Compared

Old Version 46

changes.mady.by.user John McKeever

Saved on

compared with

New Version 47

changes.mady.by.user John McKeever

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

For example, this command creates a keystore called workbench.p12 in the MettleCI home directory for use with workbench currently accessed at URL http://my-engine.datamigrators.com:8080:

...

titleWindows

This example generates a key with a 365-day validity.

C:\dm\mci\> keytool -genkey -keyalg RSA -alias workbench -keystore workbench.p12 -storepass changeit -storetype PKCS12 -keysize 2048 -sigalg SHA256withRSA -dname "CN=engine.datamigrators.com" -ext san=dns:engine.datamigrators.com -validity 365 Enter keystore password: ******** Re-enter new password: ******** What is your first and last name? [Unknown]: Peter Parker What is the name of your organizational unit? [Unknown]: MettleCI What is the name of your organization? [Unknown]: Data Migrators What is the name of your City or Locality? [Unknown]: Melbourne What is the name of your State or Province? [Unknown]: Victoria What is the two-letter country code for this unit? [Unknown]: AU Is CN=Peter Parker, OU=MettleCI, O=Data Migrators, L=Melbourne, ST=Victoria, C=AU correct? [no]: yes Enter key password for <workbench> (RETURN if same as keystore password): Warning: The JKS keystore uses a proprietary format. It is recommended to migrate to PKCS12 which is an industry standard format using "keytool -importkeystore -srckeystore C:dmmciworkbench.p12 -destkeystore workbench.p12 -deststoretype pkcs12". C:\dm\mci\>
Code Block
languagebash
Info

Note that in the example above you must ensure that both instances of engine.datamigrators.com is replaced with the domain name of your DataStage engine, which you can get from the Workbench URL (e.g. mydsengine.acmesandwichmakers.com).

You can verify your keystore by listing the certificates within it. You’ll need to re-enter your keystore password, which is 'changeit' (no quotes) in our example.

Code Block
keytool -list -v -keystore C:\dm\mci\workbench.p12 -storetype PKCS12
Enter keystore password: ********

If you need to export your certificate for signing you can use a command like the following:

Code Block
keytool -certreq -keyalg RSA -alias workbench -keystore C:\dm\mci\workbench.p12
-storepass changeit -sigalg SHA256withRSA -file C:\dm\mci\workbench.csr
Expand
titleUnix

This example generates a key with a 365-day validity.

Code Block
languagebash
$> keytool -genkey -keyalg RSA -alias workbench -keystore workbench.p12 \
-storepass changeit -storetype PKCS12 -keysize 2048 \
-sigalg SHA256withRSA -dname "CN=engine.datamigrators.com" \
-ext san=dns:engine.datamigrators.com \
-validity
365 Enter keystore password: ******** Re-enter new password: ******** What is your first and last name? [Unknown]: Peter Parker What is the name of your organizational unit? [Unknown]: MettleCI What is the name of your organization? [Unknown]: Data Migrators What is the name of your City or Locality? [Unknown]: Melbourne What is the name of your State or Province? [Unknown]: Victoria What is the two-letter country code for this unit? [Unknown]: AU Is CN=Peter Parker, OU=MettleCI, O=Data Migrators, L=Melbourne, ST=Victoria, C=AU correct? [no]: yes Enter key password for <workbench> (RETURN if same as keystore password): Warning: The JKS keystore uses a proprietary format. It is recommended to migrate to PKCS12 which is an industry standard format using "keytool -importkeystore -srckeystore C:dmmciworkbench.p12 -destkeystore workbench.p12 -deststoretype pkcs12". $>info
3650
Note

Note that in the example above you must ensure that both instances of engine.datamigrators.com is replaced with the domain name of your DataStage engine, which you can get from the Workbench URL (e.g. mydsengine.acmesandwichmakers.com)

.

Ensure that your keystore has at least 644 (rw-r--r--) privileges.

Ensure that your keystore is owned by mciworkb:dstage.

You can verify your keystore by listing the certificates within it. You’ll need to re-enter your keystore password, which is 'changeit' (no quotes) in our example

...

.

keytool -list -v -keystore
/opt/dm/mci/
workbench.p12 -storetype PKCS12
Enter keystore password: ********
Code Block
languagebash

If you need to export your certificate for signing you can use a command like the following:

Code Block
keytool -certreq -keyalg RSA -alias workbench -keystore
/opt/dm/mci/
workbench.p12
-storepass changeit
\ 
-sigalg SHA256withRSA -file
/opt/dm/mci/
C:\dm\mci\workbench.csr

Note that with the exception of keytool -list the keytool command will not normally return a value to the console.

...