Page History
...
- Start a Windows Command Prompt by clicking Start > Command Prompt. Alternatively, you can go to Start > Run > type cmd without quotes and press <Enter>.
- Use
C:
and thencd\
commands to go to the root directory of the disk C, where the key and certificates are located. - Run the following commands to convert the key and the certificate from PEM to DER format.
C:\OpenSSL\bin\openssl pkcs8 -topk8 -nocrypt -in wildcard.r1soft.com.key -inform PEM -out wildcard.r1soft.com.key.der -outform DER
C:\OpenSSL\bin\openssl x509 -in wildcard.r1soft.com.crt -inform PEM -out wildcard.r1soft.com.crt.der -outform DER
- Use the
cd
command to go to the directory where keytool is located.
cdCcd "C:\Program Files\Idera Server Backup\jre\bin\"
- Use Internet Explorer to download the ImportKey utility.
- Point Internet Explorer to http://community.igniterealtime.org/servlet/JiveServlet/download/196707-4718/importkey.zip. Unzip the utility to
C:\Program Files\Idera Server Backup\jre\bin
directory. Run the following command. It will launch the ImportKey utility and create the keystore file (default name is keystore.ImportKey) in your home directory (in Windows 2008 it is usually
C:\Users\<your username>
). The private key and the certificate will be placed there.java ImportKey c:\wildcard.r1soft.com.key.der c:\wildcard.r1soft.com.crt.der
Info The keystore's password and the key's passwords must be set to password.
- The following command will allow you to set the password for your keystore file. The default password is importkey. Enter it when prompted and then type the new password, which must be set to "password".
keytool -storepasswd -keystore c:\Users\Administrator\keystore.ImportKey
- This command will allow you to set the password for the key file in the keystore. The default password is importkey. Enter it when prompted and then type the new password, which must be set to "password".
keytool -keypasswd -alias importkey -
keystoreketstore c:\Users\Administrator\keystore.ImportKey
- Use Internet Explorer to download the intermediate certificate chain for GoDaddy Certification Authority (CA).
- Point Internet Explorer to https://certificates.godaddy.com/repository/sf_issuing.crt.
- Save the intermediate certificate chain to the root directory of the disk C.
Import the received trusted certificate into your keystore file.
keytool -import -alias intermed -file c:\sf_issuing.crt -keystore c:\Users\Administrator\keystore.ImportKey -trustcacerts
Info Internet Explorer may change the file extension. So if the command above does not work, try sf_issuing.cer instead of sf_issuing.crt.
- Open Windows Explorer. Navigate to the directory
C:\Program Files\Idera Server Backup\conf
. - Rename the file
keystore
tokeystore.old
. Then rename the fileC:\Users\<your username>\keystore.ImportKey
toC:\Program Files\Idera Server Backup\conf\keystore
. - Restart Backup Manager service.
...
Establish a SSH connection to the Linux server where the Backup Manager is installed. Or log in on the text Linux console. You should either log in as root or obtain root permissions after login via
su
orsudo
command.Info Your home directory should be set to /root.
- Upload the key and the certificate to Backup Manager.
- Use the
cd
command to go to the directory where the keys are in. - Run the following commands to convert the key and the certificate files from PEM into DER format.
opensslopenSSL pkcs8 -topk8 -nocrypt -in wildcard.r1soft.com.key -inform PEM -out wildcard.r1soft.com.key.der -outform DER
opensslopenSSL x509 -in wildcard.r1soft.com.crt -inform PEM -out wildcard.r1soft.com.crt.der -outform DER
- Use the
cd
command to go to the directory wherekeytool
is located.cd /usr/sbin/r1soft/jre/bin
- Give everybody the permissions to execute the the
keytool
andjava
applications. The versions of these application hat come with Backup Manager are not executable, so you have to runchmod 755
it.chmod 755 java keytool
- Use the
wget
command to download the ImportKey utility:wget http://community.igniterealtime.org/servlet/JiveServlet/download/196707-4718/importkey.zip
- Unzip ImportKey.zip.
unzip importkey.zip
Run the following command. It will launch the ImportKey utility and create the keystore file (default name is
keystore.ImportKey
) in your home directory (root). The private key and the certificate will be placed there../java ImportKey /root/wildcard.r1soft.com.key.der /root/wildcard.r1soft.com.crt.der
Info The keystore's password and the key's passwords must be set to password.
- The following command will allow you to set the password for your keystore file. The default password is importkey. Enter it when prompted and then type the new password, which must be set to "password".
./keytool -
storepasswdsorepasswd -keystore /root/keystore.ImportKey
- This command will allow you to set the password for the key file in the keystore. The default password is importkey. Enter it when prompted and then type the new password, which must be set to "password".
./keytool -keypasswd -alias importkey -keystore /root/keystore.ImportKey
- Rename the
keystore.ImportKey
file (default name) into keystore.mv /root/keystore.ImportKey /root/keystore
- Run the following command to download the trusted certificate from the Certification Authority (CA). In our example, we connect to Go Daddy.
wget -no-check-certificate -O /root/sf_issuing.crt https://certificates.godaddy.com/repository/sf_issuing.crt
- Import the received trusted certificate into your keystore file.
./keytool -import -alias intermed -file /root/sf_issuing.crt -keystore /root/keystore -trustcacerts
- You may have another keystore in your R1Soft folder. To make a backup copy of it, you should rename it (for example, to "keystore.old" as shown in the following example).
mv /usr/sbin/r1soft/conf/keystore /usr/sbin/r1soft/conf/keystore.old
- Copy the new keystore file to your R1Soft folder.
cp /root/keystore /usr/sbin/r1soft/conf/keystore
- Restart Backup Manager.
/etc/init.d/cdp-server restart
keytool Options
- alias. All keystore entries are accessed via unique aliases. Aliases are case-insensitive. An alias is specified when you add an entity to the keystore using the
-import
command. Subsequent keytool commands must use this same alias to refer to the entity. - file. Define absolute or relative path to your certificate file. If you define only file name, it means, that the file is located in the root directory.
- keystore. Each keytool command has a
-keystore
option for specifying the name and location of the persistent keystore file for the keystore managed by keytool. A keystore is created when you use-import
command to add data to a keystore that does not already exist. If you do not specify a-keystore
option, the default keystore is a file named.keystore
in your home directory (as determined by the "user.home" system property). If that file does not already exist, it will be created.
...
Given user name uName, the "user.home" property value defaults to:
{code}
C:\Winnt\Profiles\uName on multi-user Windows NT systems
C:\Windows\Profiles\uName on multi-user Windows 95 systems
C:\Windows on single-user Windows 95 systems
{code}
{excerpt}
Read more about Java keytool for Windows:
http://java.sun.com/javase/6/docs/technotes/tools/windows/keytool.html
{excerpt:hidden=true}
Linux:
The keystore is by default stored in a file named .keystore in the user's home directory, as determined by the "user.home" system property. If you do not specify a -keystore option, the default keystore is a file named .keystore in your home directory.{excerpt}
Read more about Java keytool for Linux:
http://download.oracle.com/javase/6/docs/technotes/tools/solaris/keytool.html.
Configuring Backup Manager for SSL Communication
See Configure Web Server Options.
{excerpt:hidden=true}
Instructions on how to install a certificate signed by an authority.
{excerpt}
Need more help? Search the Idera Customer Support Portal
...