...

  1. Start a Windows Command Prompt by clicking Start > Command Prompt. Alternatively, you can go to Start > Run > type cmd without quotes and press <Enter>.
  2. Use C: and then cd\ commands to go to the root directory of the disk C, where the key and certificates are located.
  3. Run the following commands to convert the key and the certificate from PEM to DER format.
    C:\OpenSSL\bin\openssl pkcs8 -topk8 -nocrypt -in wildcard.r1soft.com.key -inform PEM -out wildcard.r1soft.com.key.der -outform DER
    C:\OpenSSL\bin\openssl x509 -in wildcard.r1soft.com.crt -inform PEM -out wildcard.r1soft.com.crt.der -outform DER
  4. Use the cd command to go to the directory where keytool is located.
    cd "C:\Program Files\Idera Server Backup\jre\bin\"
  5. Use Internet Explorer to download the ImportKey utility.
  6. Point Internet Explorer to http://community.igniterealtime.org/servlet/JiveServlet/download/196707-4718/importkey.zip. Unzip the utility to C:\Program Files\Idera Server Backup\jre\bin directory.
  7. Run the following command. It will launch the ImportKey utility and create the keystore file (default name is keystore.ImportKey) in your home directory (in Windows 2008 it is usually C:\Users\<your username>). The private key and the certificate will be placed there.
    java ImportKey c:\wildcard.r1soft.com.key.der c:\wildcard.r1soft.com.crt.der

    Info

    The keystore's password and the key's passwords must be set to password.

  8. The following command will allow you to set the password for your keystore file. The default password is importkey. Enter it when prompted and then type the new password, which must be set to "password".
    keytool -storepasswd -keystore c:\Users\Administrator\keystore.ImportKey
  9. This command will allow you to set the password for the key file in the keystore. The default password is importkey. Enter it when prompted and then type the new password, which must be set to "password".
    keytool -keypasswd -alias importkey -keystore c:\Users\Administrator\keystore.ImportKey
  10. Use Internet Explorer to download the intermediate certificate chain for GoDaddy Certification Authority (CA).
  11. Point Internet Explorer to https://certificates.godaddy.com/repository/sf_issuing.crt.
  12. Save the intermediate certificate chain to the root directory of the disk C.
  13. Import the received trusted certificate into your keystore file.
    keytool -import -alias intermed -file c:\sf_issuing.crt -keystore c:\Users\Administrator\keystore.ImportKey -trustcacerts

    Info

    Internet Explorer may change the file extension. So if the command above does not work, try sf_issuing.cer instead of sf_issuing.crt.

  14. Open Windows Explorer. Navigate to the directory C:\Program Files\Idera Server Backup\conf.
  15. Rename the file keystore to keystore.old. Then rename the file C:\Users\<your username>\keystore.ImportKey to C:\Program Files\Idera Server Backup\conf\keystore.
  16. Restart Backup Manager service.

...

  1. Establish an SSH connection to the Linux server where the Backup Manager is installed, or log in on the Linux text console. You should either log in as root or obtain root permissions after login via the su or sudo command.

    Info

    Your home directory should be set to /root.

  2. Upload the key and the certificate to Backup Manager.
  3. Use the cd command to go to the directory where the key and the certificate are located.
  4. Run the following commands to convert the key and the certificate files from PEM into DER format.
    openssl pkcs8 -topk8 -nocrypt -in wildcard.r1soft.com.key -inform PEM -out wildcard.r1soft.com.key.der -outform DER
    openssl x509 -in wildcard.r1soft.com.crt -inform PEM -out wildcard.r1soft.com.crt.der -outform DER
  5. Use the cd command to go to the directory where keytool is located.
    cd /usr/sbin/r1soft/jre/bin
  6. Give everybody permission to execute the keytool and java applications. The versions of these applications that come with Backup Manager are not executable, so you have to run chmod 755 on them.
    chmod 755 java keytool
  7. Use the wget command to download the ImportKey utility:
    wget http://community.igniterealtime.org/servlet/JiveServlet/download/196707-4718/importkey.zip
  8. Unzip ImportKey.zip.
    unzip importkey.zip
  9. Run the following command. It will launch the ImportKey utility and create the keystore file (default name is keystore.ImportKey) in your home directory (root). The private key and the certificate will be placed there.
    ./java ImportKey /root/wildcard.r1soft.com.key.der /root/wildcard.r1soft.com.crt.der

    Info

    The keystore's password and the key's passwords must be set to password.

  10. The following command will allow you to set the password for your keystore file. The default password is importkey. Enter it when prompted and then type the new password, which must be set to "password".
    ./keytool -storepasswd -keystore /root/keystore.ImportKey
  11. This command will allow you to set the password for the key file in the keystore. The default password is importkey. Enter it when prompted and then type the new password, which must be set to "password".
    ./keytool -keypasswd -alias importkey -keystore /root/keystore.ImportKey
  12. Rename the keystore.ImportKey file (default name) into keystore.
    mv /root/keystore.ImportKey /root/keystore
  13. Run the following command to download the trusted certificate from the Certification Authority (CA). In our example, we connect to Go Daddy.
    wget --no-check-certificate -O /root/sf_issuing.crt https://certificates.godaddy.com/repository/sf_issuing.crt
  14. Import the received trusted certificate into your keystore file.
    ./keytool -import -alias intermed -file /root/sf_issuing.crt -keystore /root/keystore -trustcacerts
  15. You may have another keystore in your R1Soft folder. To make a backup copy of it, you should rename it (for example, to "keystore.old" as shown in the following example).
    mv /usr/sbin/r1soft/conf/keystore /usr/sbin/r1soft/conf/keystore.old
  16. Copy the new keystore file to your R1Soft folder.
    cp /root/keystore /usr/sbin/r1soft/conf/keystore
  17. Restart Backup Manager.
    /etc/init.d/cdp-server restart
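
A pre-flight check for the procedure above, as an added example that is not part of the original page or the vendor's tooling. It confirms that the private key belongs to the certificate and that the downloaded issuer certificate really signed the server certificate (relevant because step 13 downloads it with certificate checking disabled), then runs the same PEM-to-DER conversions. The function names are hypothetical; it assumes OpenSSL 1.1.0 or later and PEM-encoded input files.

```shell
#!/bin/sh
# Added example (not vendor code): pre-flight checks before ImportKey and
# "keytool -import". Assumes all three input files are PEM encoded.

# Print the SHA-256 of the public key held in a key or certificate file.
pub_hash() {   # $1 = "key" or "cert", $2 = PEM file
    case "$1" in
        key)  pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) ;;
        cert) pub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) ;;
        *)    return 1 ;;
    esac || return 1
    [ -n "$pub" ] || return 1
    printf '%s\n' "$pub" | openssl dgst -sha256 | awk '{print $NF}'
}

# True when the private key and the certificate carry the same public key.
key_matches_cert() {   # $1 = private key, $2 = certificate
    k=$(pub_hash key "$1") && c=$(pub_hash cert "$2") && [ "$k" = "$c" ]
}

# True when the key in the downloaded issuer certificate signed the server
# certificate. An issuer file holding a different key fails this check.
issued_by() {   # $1 = server certificate, $2 = issuer certificate
    openssl verify -no-CApath -partial_chain -CAfile "$2" "$1" >/dev/null 2>&1
}

# Run both checks, then do the procedure's PEM-to-DER conversions.
preflight() {   # $1 = key, $2 = certificate, $3 = issuer certificate
    key_matches_cert "$1" "$2" ||
        { echo "private key does not match certificate" >&2; return 1; }
    issued_by "$2" "$3" ||
        { echo "issuer file did not sign the certificate" >&2; return 2; }
    # -nocrypt writes the key unencrypted, so create it owner-readable only.
    ( umask 077
      openssl pkcs8 -topk8 -nocrypt -in "$1" -inform PEM \
          -out "$1.der" -outform DER ) || return 3
    openssl x509 -in "$2" -inform PEM -out "$2.der" -outform DER || return 3
}

# Usage: sh preflight.sh <key.pem> <cert.pem> <issuer.pem>
if [ "$#" -eq 3 ]; then
    preflight "$@" || exit $?
fi
```

The DER files are written next to the inputs with a .der suffix, matching the names used in the conversion step.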

keytool Options

  • alias. All keystore entries are accessed via unique aliases. Aliases are case-insensitive. An alias is specified when you add an entity to the keystore using the -import command. Subsequent keytool commands must use this same alias to refer to the entity.
  • file. Defines the absolute or relative path to your certificate file. If you specify only a file name, it means that the file is located in the root directory.
  • keystore. Each keytool command has a -keystore option for specifying the name and location of the persistent keystore file for the keystore managed by keytool. A keystore is created when you use -import command to add data to a keystore that does not already exist. If you do not specify a -keystore option, the default keystore is a file named .keystore in your home directory (as determined by the "user.home" system property). If that file does not already exist, it will be created.

...

Given user name uName, the "user.home" property value defaults to:

    C:\Winnt\Profiles\uName on multi-user Windows NT systems
    C:\Windows\Profiles\uName on multi-user Windows 95 systems
    C:\Windows on single-user Windows 95 systems

Read more about Java keytool for Windows:
http://java.sun.com/javase/6/docs/technotes/tools/windows/keytool.html

Linux:
The keystore is by default stored in a file named .keystore in the user's home directory, as determined by the "user.home" system property. If you do not specify a -keystore option, the default keystore is a file named .keystore in your home directory.

Read more about Java keytool for Linux:
http://download.oracle.com/javase/6/docs/technotes/tools/solaris/keytool.html

Configuring Backup Manager for SSL Communication

See Configure Web Server Options.

Instructions on how to install a certificate signed by an authority.



...