How To Replace R1Soft SSL/TLS Certificate
R1Soft runs on Java and doesn't make it easy to replace certificates
This article will assume your private key is not password-protected, and the following filenames. Please adjust the example commands or rename your files.
| Cert Type | File Name |
|---|---|
| Private key: | PrivateKeyNoPassphrase.key |
| Public certificate: | PublicWildcard.domain.tld.crt |
| Public cert authority intermediate cert: | PublicIntermediate-ca.crt |
cd ~ && yum install -y unzip wgetvim PrivateKeyNoPassphrase.key
vim PublicWildcard.domain.tld.crt
vim PublicIntermediate-ca.crtopenssl pkcs8 -topk8 -nocrypt -in /root/PrivateKeyNoPassphrase.key -inform PEM -out /root/PrivateKeyNoPassphrase.key.der -outform DER && \
openssl x509 -in /root/PublicWildcard.domain.tld.crt -inform PEM -out /root/PublicWildcard.domain.tld.crt.der -outform DERcd /usr/sbin/r1soft/jre/bin && chmod 755 java keytoolwget http://igniterealtime.jiveon.com/servlet/JiveServlet/download/196707-4718/importkey.zip && \
unzip importkey.zip./java ImportKey /root/PrivateKeyNoPassphrase.key.der /root/PublicWildcard.domain.tld.crt.der cdp && \
./keytool -storepasswd -keystore /root/keystore.ImportKey && \
./keytool -keypasswd -alias cdp -keystore /root/keystore.ImportKeymv /root/keystore.ImportKey /root/keystore && \
./keytool -import -alias intermed -file /root/PublicIntermediate-ca.crt -keystore /root/keystore -trustcacertsmv /usr/sbin/r1soft/conf/keystore{,.bak}cp /root/keystore /usr/sbin/r1soft/conf/keystoreservice cdp-server restartimportkey
password
password
password
importkey
password
password
password