


If you have an existing PKCS#12 key, obtained from a certificate authority or elsewhere, and want to use it in NetLD, follow the steps below.


In the command examples below, PFX_FILE is the key file name, and KEY_NAME is the name of the key in the PKCS file.


Virtual Appliance:

On a new Virtual Appliance (VA), all keytool commands must be run from /usr/share/netld/java/bin.

[tcadmin@netld]$ cd /usr/share/netld/java/bin
[tcadmin@netld]$ sudo keytool -importkeystore -srcstoretype pkcs12 -destkeystore /data/netld/.keystore -deststoretype pkcs12 -deststorepass ziptie -destalias ziptie -destkeypass ziptie -srckeystore <PFX_FILE> -srcalias <KEY_NAME>


After updating the certificate, the virtual appliance must be restarted for the new certificate to take effect.


If you don't know the KEY_NAME in the existing key file, you can run this command and it will show you the name as the "FriendlyName":

[tcadmin@netld]$ openssl pkcs12 -info -in <PFX_FILE> -nokeys

If you need to delete the existing SSL certificate, enter the following command:

[tcadmin@netld]$ sudo /usr/share/netld/java/bin/keytool -delete -alias ziptie -keystore /data/netld/.keystore


Linux:


[root@netld]# cd /usr/share/netld

[root@netld]# keytool -importkeystore -srcstoretype pkcs12 -destkeystore config/.keystore -deststoretype jks -deststorepass ziptie -destalias ziptie -destkeypass ziptie -srckeystore <PFX_FILE> -srcalias <KEY_NAME>


If you don't know the KEY_NAME in the existing key file, you can run this command and it will show you the name as the "FriendlyName":

[root@netld]# openssl pkcs12 -info -in <PFX_FILE> -nokeys

If you need to delete the existing SSL certificate, enter the following command:

[root@netld]# keytool -delete -alias ziptie -keystore config/.keystore -storepass ziptie

*If importing a PEM file instead of a PFX file:*

[root@netld]# keytool -import -alias ziptie -keystore config/.keystore -file <PEM_FILE>

After replacing the file, please restart the netld service.
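
A check worth running before the restart, shown here as an added example that is not part of the original instructions: keytool's -import stores a certificate as a trustedCertEntry when the alias holds no key pair, and such an entry carries no private key, whereas a PKCS#12 import produces a PrivateKeyEntry. The function names and the sample text are assumptions made for this example; the alias, keystore path and password are the ones used on this page.

```shell
#!/bin/sh
# Added example: read `keytool -list -v` output and confirm that an alias
# holds a private key (PrivateKeyEntry), not just a certificate.

# entry_type ALIAS: reads `keytool -list -v` output on stdin and prints the
# "Entry type" recorded for ALIAS (prints nothing if the alias is absent).
entry_type() {
    awk -v want="$1" '
        { sub(/\r$/, "") }                        # tolerate CRLF output
        /^Alias name: / { cur = substr($0, 13) }  # remember the current alias
        /^Entry type: / && tolower(cur) == tolower(want) {
            print substr($0, 13); exit
        }
    '
}

# has_private_key ALIAS: succeeds only if ALIAS is a PrivateKeyEntry.
has_private_key() {
    [ "$(entry_type "$1")" = "PrivateKeyEntry" ]
}

# Constructed sample (not from a real keystore): after a PKCS#12 import.
# The second alias "otherca" is hypothetical, included to show per-alias scoping.
SAMPLE_PFX_IMPORT='Alias name: otherca
Creation date: Jan 1, 2024
Entry type: trustedCertEntry

Alias name: ziptie
Creation date: Jan 1, 2024
Entry type: PrivateKeyEntry
Certificate chain length: 2'

# Constructed sample: a certificate imported under an alias with no key pair.
SAMPLE_CERT_ONLY='Alias name: ziptie
Creation date: Jan 1, 2024
Entry type: trustedCertEntry'

# Use against the Linux install, from /usr/share/netld:
#   keytool -list -v -keystore config/.keystore -storepass ziptie \
#       | has_private_key ziptie || echo "alias ziptie has no private key"
```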

Windows:

Open a cmd.exe shell as Administrator and execute the following command in the Net LineDancer installation directory:

C:\Program Files\Net LineDancer> java\bin\keytool -importkeystore -srcstoretype pkcs12 -destkeystore config\.keystore -deststoretype jks -deststorepass ziptie -destalias ziptie -destkeypass ziptie -srckeystore <PFX_FILE> -srcalias <KEY_NAME>

If you don't know the KEY_NAME in the existing key file, you can run this command and it will show you the name as the "Alias name":

C:\Program Files\Net LineDancer> java\bin\keytool -v -list -storetype pkcs12 -keystore <PFX_FILE>


If you need to delete the existing SSL certificate, enter the following command:

C:\Program Files\Net LineDancer> java\bin\keytool -delete -alias ziptie -keystore config\.keystore -storepass ziptie


After replacing the file, please restart the netld service.