If a certificate from Microsoft Certificate Manager is exported as a PKCS12 certificate file, with the entire certificate chain and the key pair in the file, keytool can convert it into a JKS keystore for Portfolio.
To get the certificate alias for -srcalias from the .pfx file:
keytool -list -keystore <path to .pfx file> -storetype pkcs12
Certificates exported from Microsoft Certificate Manager will have a UUID as the alias; other sources may use "1" as the alias.
Converting into a keystore
To convert the .pfx file into a keystore, run the following command in Terminal (macOS) or Command Prompt (Windows). Parameters are listed on separate lines for clarity; they should be on a single line:
keytool -importkeystore
-srckeystore <path to .pfx file>
-srcstoretype pkcs12
-srcalias <certificate alias>
-srcstorepass <password for .pfx file>
-destkeystore keystore
-deststoretype JKS
-destalias extensis
-destkeypass kaq8thefUphuTrexeSW3sp3m
-deststorepass kaq8thefUphuTrexeSW3sp3m
If -srcstorepass is omitted, the command will prompt the user for the password of the source .pfx file, which keeps that password out of the shell history.
- -srckeystore the path to the keystore file we are importing
- -srcstoretype the type of keystore we are importing
- -srcalias the alias of the key pair, and its associated certificates, to import (see above for how to list it)
- -srcstorepass the password to use for the source keystore; if this parameter isn't used then keytool will prompt the user to enter it
- -deststoretype the type of keystore we are exporting
- -destkeystore the path to the keystore file to export to; if the file does not exist, it is created
- -destalias the alias to use for the key pair in the new keystore
- -destkeypass the password to use for the alias in the keystore; Portfolio requires the alias password to match the store password
- -deststorepass the password to use to open the destination keystore; since we are creating a new keystore, it sets the store password on the newly-created keystore instead
Once you have the new keystore file, you can drop it into Portfolio's data folder (Extensis/Portfolio Server/data/keystore) and restart the Portfolio services.
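The following shell functions are an added example, not part of the original article or of Portfolio: they check a .pfx listing before the conversion and the new keystore after it. The function names and the sample listing are constructed, and the parsing assumes the English output of keytool -list -v.

```shell
#!/bin/sh
# Added example: checks around the keytool commands in this article.
# Function names and the sample listing are constructed for illustration.

# stdin: output of `keytool -list -v ...`
# stdout: "<chain length> <alias>" for each entry that holds a private key
key_entries() {
    awk '
        /^Alias name: /                { alias = substr($0, 13); key = 0 }
        /^Entry type: PrivateKeyEntry/ { key = 1 }
        /^Certificate chain length: / && key { print $NF, alias; key = 0 }'
}

# stdin: listing of the .pfx file. Prints the value for -srcalias, or fails
# when the file does not hold exactly one key pair.
pick_src_alias() {
    entries=$(key_entries)
    count=$(printf '%s\n' "$entries" | awk 'NF { n++ } END { print n + 0 }')
    if [ "$count" -ne 1 ]; then
        echo "expected one PrivateKeyEntry in the .pfx, found $count" >&2
        return 1
    fi
    # Chain length 1: the export carried no issuer certificates
    # (expected only for a self-signed certificate).
    [ "${entries%% *}" -gt 1 ] ||
        echo "warning: no issuer certificates in the chain" >&2
    printf '%s\n' "${entries#* }"
}

# stdin: listing of the converted JKS keystore. Succeeds only if the key pair
# arrived under the alias used for -destalias in the article.
check_dest_alias() {
    key_entries |
        awk '{ sub(/^[0-9]+ /, "") } $0 == "extensis" { ok = 1 } END { exit !ok }'
}

# Constructed sample of `keytool -list -v` output for an exported .pfx file.
SAMPLE_PFX_LISTING='Keystore type: PKCS12
Keystore provider: SUN

Your keystore contains 1 entry

Alias name: 0f8fad5b-d9cb-469f-a165-70867728950e
Creation date: Jan 1, 2024
Entry type: PrivateKeyEntry
Certificate chain length: 3
Certificate[1]:'
```

Pipe `keytool -list -v -keystore <path to .pfx file> -storetype pkcs12` into pick_src_alias before the import, and the same listing of the new keystore into check_dest_alias before copying it into Portfolio's data folder.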