You can import your existing certificate authority (CA) signed certificate into API Behavioral Security (ABS).
If ABS is already running, stop it before you import the CA-signed certificate.
To import the CA-signed certificate:
- Export your CA-signed certificate to the PKCS12 store by entering the following command:
# openssl pkcs12 -export -in <your_CA_certificate>.crt -inkey <your_certificate_key>.key -out abs.p12 -name <alias_name>
For example:
# openssl pkcs12 -export -in ping.crt -inkey ping.key -out abs.p12 -name exampleCAcertificate
Enter Export Password:
Verifying - Enter Export Password:
Note: If you have an intermediate certificate from the CA, append its content to the <your_CA_certificate>.crt file.
- Import the certificate and key from the PKCS12 store to Java KeyStore (JKS) by entering the following command:
# keytool -importkeystore -destkeystore abs.jks -srckeystore abs.p12 -srcstoretype PKCS12 -alias <alias_name> -storetype jks
For example:
# keytool -importkeystore -destkeystore abs.jks -srckeystore abs.p12 -srcstoretype PKCS12 -alias exampleCAcertificate -storetype jks
Importing keystore abs.p12 to abs.jks...
Enter destination keystore password:
Re-enter new password:
Enter source keystore password:
Note: The command requires the destination keystore password. The password you enter should be the same as the one configured in the abs.properties file.
Here is a snippet of the abs.properties file where the destination keystore password is stored. The password is obfuscated.
# Java Keystore password
jks_password=OBF:AES:Q3vcrnj7VZILTPdJnxkOsyimHRvGDQ==:daYWJ5QgzxZJAnTkuRlFpreM1rsz3FFCulhAUKj7ww4=
- Copy the abs.jks file that you created in step 2 to the /opt/pingidentity/abs/config/ssl directory.
- Start ABS by entering the following command:
# /opt/pingidentity/abs/bin/start.sh
Starting API Behavioral Security 4.0...
please see /opt/pingidentity/abs/logs/abs/abs.log for more details
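
The following shell helpers are an added example, not part of the original documentation: they confirm that the certificate matches its private key before the PKCS12 export, count the certificates in the .crt file after any intermediate is appended, and confirm that abs.jks holds a key pair under the alias after the import. The function names and the ABS_JKS_PASS environment variable are assumptions.

```shell
#!/bin/sh
# Added example: checks around the ABS import procedure. Function names and
# the ABS_JKS_PASS variable are assumptions, not part of the product.

# Succeeds only if the certificate's public key belongs to the private key.
# $1 = certificate (PEM), $2 = private key (PEM; an encrypted key prompts).
cert_matches_key() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
    [ "$cert_pub" = "$key_pub" ]
}

# Prints how many certificates a PEM file holds: 1 for the leaf alone,
# more once intermediate certificates have been appended.
cert_count() {
    grep -c -- '-----BEGIN CERTIFICATE-----' "$1"
}

# Reads `keytool -list -v` output (English locale) on stdin. Succeeds if the
# entry is a key pair (PrivateKeyEntry), not a certificate without its key.
is_private_key_entry() {
    grep -q 'Entry type: PrivateKeyEntry'
}

# $1 = keystore, $2 = alias. The password is taken from ABS_JKS_PASS so it
# does not appear on the command line or in shell history.
jks_alias_has_key() {
    keytool -list -v -keystore "$1" -alias "$2" -storepass:env ABS_JKS_PASS \
        | is_private_key_entry
}

# Usage: sh abs_cert_check.sh <cert.crt> <key.key> [<keystore.jks> <alias>]
if [ "$#" -ge 2 ]; then
    cert_matches_key "$1" "$2" || { echo "certificate/key mismatch" >&2; exit 1; }
    echo "key matches; $(cert_count "$1") certificate(s) in $1"
    if [ "$#" -eq 4 ]; then
        jks_alias_has_key "$3" "$4" || { echo "no key pair under $4" >&2; exit 1; }
        echo "$3 holds a key pair under alias $4"
    fi
fi
```

Run the two-argument form before step 1 and the four-argument form after step 2, with ABS_JKS_PASS set to the destination keystore password.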