1. Download the certificate in pfx (PKCS12) format from your organisation portal if the trust chain is issued by your organisation; otherwise create the trust chain yourself.
Import the certificate
keytool -importkeystore -srcstoretype PKCS12 -srckeystore privatecertificate.pfx \
-deststoretype PKCS12 -destkeystore infa_keystore.pkcs12
2. Convert pfx to pem format
openssl pkcs12 -in infa_keystore.pkcs12 -nodes -out infa_keystore.pem
3. Convert pkcs12 to jks
keytool -importkeystore -srcstoretype PKCS12 -srckeystore infa_keystore.pkcs12 \
-deststoretype JKS -destkeystore infa_keystore.jks
4. Import the root certificate into infa_truststore.jks. The command below creates the infa_truststore.jks file with the root certificate inside it. Answer yes when prompted to trust the certificate.
keytool -import -alias root -keystore infa_truststore.jks -trustcacerts -file "Root.crt"
5. Import the intermediate certificate into infa_truststore.jks. The command below adds it to infa_truststore.jks under its own alias. Answer yes when prompted to trust the certificate.
keytool -import -alias intermediate -keystore infa_truststore.jks -trustcacerts -file "Intermediate.crt"
6. Import the public certificate into infa_truststore.jks. The command below adds it to infa_truststore.jks under its own alias. Answer yes when prompted to trust the certificate.
keytool -import -alias cert -keystore infa_truststore.jks -trustcacerts -file "Cert.crt"
7. Convert jks into pkcs12 format
keytool -importkeystore -srcstoretype JKS -srckeystore infa_truststore.jks \
-deststoretype PKCS12 -destkeystore infa_truststore.pkcs12
7. Convert pkcs12 into pem format
openssl pkcs12 -in infa_truststore.pkcs12 -nodes -out infa_truststore.pem
We now have the keystore and truststore in jks and pem format. We can use this trust chain for the admin console and SSL connections.
To avoid confusion between the domain keystore and the admin console keystore, we will copy the infa keystore to the default keystore.
8. Copy infa keystore to default keystore.
cp infa_keystore.jks default.keystore
9. Copy these certificates into the Informatica default path, shown below.
cp infa_* "$INFA_HOME/services/shared/"
10. Go to the ISP config directory and check nodemeta.xml for the https settings.
cd "$INFA_HOME/isp/config"
grep https nodemeta.xml
11. Shut down the domain. Verify that no process is running before proceeding to the next step.
./stopinfa.sh stop
12. Get the https port and set up the node with the https port using the infasetup command.
cd "$INFA_HOME/isp/bin"
./infasetup.sh updategatewaynode -dn Domain_ISP -hs httpsportnumber -kf keystorefile -kp keystorepassword -nk pathofthekeystore -nkp truststorefilepassword -nt truststore -ntp truststorepassword
Then run the command for the default keystore as well
./infasetup.sh updategatewaynode -hs httpsportnumber -kf defaultkeystorefile -kp password
13. Start the services
./startinfa.sh start
14. Check whether the services are running fine
cd "$INFA_HOME/logs/node"
tail -50f catalina.out
15. Check in catalina.out that all init methods were called successfully.
Verify that the admin console is running fine by using the file node.log
tail -50f node.log
16. Copy these truststore files to the client machine, place them in the Informatica installed directory/shared, and connect from the client machine.
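A check worth running before steps 8 and 9, as an added example that is not part of the original post: keytool -import refuses an alias that already exists, so after steps 4 to 6 the truststore should list three trustedCertEntry entries, and default.keystore is only usable if it holds a PrivateKeyEntry. The helper name store_audit and the sample listings are assumptions constructed for this example.

```shell
# Added example, not the original post's code. Audits `keytool -list` output.
# With real stores (keytool prompts for the store password):
#   keytool -list -keystore infa_truststore.jks | store_audit trust 3
#   keytool -list -keystore default.keystore    | store_audit key
# store_audit ROLE [MIN_CERTS] (hypothetical helper) reads a listing on stdin.
#   key:   must hold at least one PrivateKeyEntry
#   trust: must hold >= MIN_CERTS trustedCertEntry and no PrivateKeyEntry
store_audit() {
    role=$1
    min=${2:-1}
    awk -v role="$role" -v min="$min" '
        # Entry lines look like: "root, Jan 5, 2024, trustedCertEntry,"
        /, (PrivateKeyEntry|trustedCertEntry),/ {
            split($0, f, ", ")                      # f[1] is the alias
            if ($0 ~ /PrivateKeyEntry/) { priv++; pnames = pnames " " f[1] } else { trust++; tnames = tnames " " f[1] }
        }
        END {
            if (role == "key" && priv < 1) {
                print "FAIL: no PrivateKeyEntry, not a usable keystore"; exit 1 }
            if (role == "trust" && priv > 0) {
                print "FAIL: private key in truststore:" pnames; exit 1 }
            if (role == "trust" && trust < min) {
                print "FAIL: " (trust + 0) " trusted certs, expected " min; exit 1 }
            print "OK: private keys:" pnames " | trusted certs:" tnames
        }'
}

# Constructed listings (not from a real system) so the check runs offline.
sample_truststore() {
    cat <<'EOF'
Your keystore contains 3 entries

root, Jan 5, 2024, trustedCertEntry,
Certificate fingerprint (SHA-256): <constructed>
intermediate, Jan 5, 2024, trustedCertEntry,
Certificate fingerprint (SHA-256): <constructed>
cert, Jan 5, 2024, trustedCertEntry,
Certificate fingerprint (SHA-256): <constructed>
EOF
}
sample_keystore() {
    cat <<'EOF'
infa, Jan 5, 2024, PrivateKeyEntry,
Certificate fingerprint (SHA-256): <constructed>
EOF
}

sample_truststore | store_audit trust 3
sample_keystore | store_audit key
```

A FAIL from `store_audit key` on default.keystore means a truststore was copied in place of the keystore in step 8.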