Skip to main content

Home

Importing a private certificate into Unravel truststore

You can import a private certificate in the Unravel truststore. Unravel bundles a wrapper script to help import self-signed certificates into the truststore.

Prerequisites:

  • openssl command

  • Python 2.7 installed

Limitation:

  • Doesn’t work with multiple certificates that have the same issuer name.

Script Location:

  • /usr/local/unravel/install_bin/cert_check.py

Arguments:

  • Required:

    --host hostname
    --port port number

  • Optional:

    --storepass truststore password
    --keystore truststore file path default: /usr/local/unravel/jre/lib/security/cacerts>

Example:

  1. Log into the server.

  2. Run the Python script to import the cert.

    sudo /usr/local/unravel/install_bin/cert_check.py --host test.unraveldata.com --port 8443

  3. If the certificate is not already in the trust store it prompts for confirmation.

    • Type y to automatically import it into the Unravel truststore.

      Cert not found in the truststore do you want to add new cert to truststore [y/n]
y
Adding new certs in /usr/local/unravel/jre/lib/security/cacerts with alias name  test.unraveldata.com
Owner: CN=*unraveldata
Issuer: CN=*unraveldata
Serial Number: 409be60a
Valid from: Fri Sep 14 21:13:43 PDT 2019 until: Sun Aug 21 21:13:43 PDT 2019
Certificate fingerprints:
       MD5: D1:16:B9:8D:22:61:48:AB:C1:43:28:89:BC:97:81:F4
       SHA1 A6:63:5E:B5:84:3F:B6:C2:33:29:C2:72:E0::72:A7:FE:D6:9F:B0:55
       SHA256: E6:67:E9:B5:85:F7:D6:F2:37:A9:F2:*2:B0::72:B8:EE:D7:92:D0:75
Signature algorithm name: SHA512withRSA
Subject Public Key Algorithm: 2048-bit RSA key
Version: 3

Extensions:

#1: ObjectID: 2.5.29.14 Criticality=fale
SubjectKeyIdentifier [
Key Identifer [
0000: 89 E3 E0 5C 69 AZ 83 23   9D 80 95 A3 3F 6B 48 82   ...\i..#....?kH
0010: 94 09 ED DF                                         ....
]
]


Trust this certificate? [no]:   yes
Certificate was added to keystore

    • Type n to print it on the screen for manual import.

      Cert not found in the truststore do you want to add new cert to truststore [y/n]
n
-----BEGIN CERTIFICATE-----
MIIC@TCAAACjkjdfsaasdfjiiACASJklsdfi'msdf01ej01d9FMRqodjaldasdk0
sdfj0q4rwF+lqctaMNDp0asdfLM+MKDJALD/FSAL9dajaj134kjlZE0had9/sadfj
MIIC@TCAAACjkjdfsaasdfjiiACASJklsdfi'msdf01ej01d9FMRqodjaldasdk0l
sdfj0q4rwF+lqctaMNDp0asdfLM+MKDJALD/FSAL9daj'j134kjlZE0had9/sadfj
MIIC@TCAAACjkjdfsaasdfjiiACASJklsdfi'msdf01ej01d9FMRqodjaldasdk0l
sdfj0q4rwF+lqctaMNDp0asdfLM+MKDJALD/FSAL9daj'j134kjlZE0had9/sadfj
MIIC@TCAAACjkjdfsaasdfjiiACASJklsdfi'msdf01ej01d9FMRqodjaldasdk0l
sdfj0q4rwF+lq'j134kjlZE0had9/sadfjctaMNDp0asdfLM+MKDJALD/FSAL9daj
j134kjlZE0had9/sadfjMIIC@TCAAACjkjdfsafi'msdf01ej01d9FMRqodjaldas
k0lasdfjiiACASJklsdsdfj0q4rwF+lqctaMNDp0asdfLM+MKDJALD/FSAL9daj'j
134kjlZE0aasdfjiiACASJklsdMIIC@TCAAACjkjdfsfi'msdf01ej01d9FMRqodj
aldasdk0lsdfj0q4rwF+lqctaMNDp0asdfLM+MKDJALD/FSAL9daj'j134kjlZE0h
ad9/sadfjMIjkjdfsaasdfjiiACASJklsdfi'mIC@TCAAACsdf01eodjaldasdk0l
j01d9FMRqsdfj0q4rwF+lqctaMNDp0asdfLM+MKDJALD/FSAL9daj'j134kjlZE0j
had9/sadfjMIIC@TCAAACjkjdfsaasdfjiiACASJklsdfi'msdf01ej01d9FMRqod
jaldasdk0lsdfj0q4rwF+lqctaMNDp0asdfLM+MKDJALD/FSAL9daj'j134kjlZE0
jiiACASJklsdfi'msdf01ej01==
-----END CERTIFICATE-----
Cert not found in trustore please add the above cert to truststore
In this section: