Home

Importing a private certificate into Unravel truststore

You can import a private certificate in the Unravel truststore. Unravel bundles a wrapper script to help import self-signed certificates into the truststore.

Prerequisites:

  • openssl command

  • Python 2.7 installed

Limitation:

  • Doesn’t work with multiple certificates that have the same issuer name.

Script Location:

  • /usr/local/unravel/install_bin/cert_check.py

Arguments:

  • Required:

    --host hostname
    --port port number
  • Optional:

    --storepass truststore password
    --keystore truststore file path default: /usr/local/unravel/jre/lib/security/cacerts>

Example:

  1. Log into the server.

  2. Run the Python script to import the cert.

    sudo /usr/local/unravel/install_bin/cert_check.py --host test.unraveldata.com --port 8443
  3. If the certificate is not already in the trust store it prompts for confirmation.

    • Type y to automatically import it into the Unravel truststore.

      Cert not found in the truststore do you want to add new cert to truststore [y/n]
      y
      Adding new certs in /usr/local/unravel/jre/lib/security/cacerts with alias name  test.unraveldata.com
      Owner: CN=*unraveldata
      Issuer: CN=*unraveldata
      Serial Number: 409be60a
      Valid from: Fri Sep 14 21:13:43 PDT 2019 until: Sun Aug 21 21:13:43 PDT 2019
      Certificate fingerprints:
             MD5: D1:16:B9:8D:22:61:48:AB:C1:43:28:89:BC:97:81:F4
             SHA1 A6:63:5E:B5:84:3F:B6:C2:33:29:C2:72:E0::72:A7:FE:D6:9F:B0:55
             SHA256: E6:67:E9:B5:85:F7:D6:F2:37:A9:F2:*2:B0::72:B8:EE:D7:92:D0:75
      Signature algorithm name: SHA512withRSA
      Subject Public Key Algorithm: 2048-bit RSA key
      Version: 3
      
      Extensions:
      
      #1: ObjectID: 2.5.29.14 Criticality=fale
      SubjectKeyIdentifier [
      Key Identifer [
      0000: 89 E3 E0 5C 69 AZ 83 23   9D 80 95 A3 3F 6B 48 82   ...\i..#....?kH
      0010: 94 09 ED DF                                         ....
      ]
      ]
      
      
      Trust this certificate? [no]:   yes
      Certificate was added to keystore
    • Type n to print it on the screen for manual import.

      Cert not found in the truststore do you want to add new cert to truststore [y/n]
      n
      -----BEGIN CERTIFICATE-----
      MIIC@TCAAACjkjdfsaasdfjiiACASJklsdfi'msdf01ej01d9FMRqodjaldasdk0
      sdfj0q4rwF+lqctaMNDp0asdfLM+MKDJALD/FSAL9dajaj134kjlZE0had9/sadfj
      MIIC@TCAAACjkjdfsaasdfjiiACASJklsdfi'msdf01ej01d9FMRqodjaldasdk0l
      sdfj0q4rwF+lqctaMNDp0asdfLM+MKDJALD/FSAL9daj'j134kjlZE0had9/sadfj
      MIIC@TCAAACjkjdfsaasdfjiiACASJklsdfi'msdf01ej01d9FMRqodjaldasdk0l
      sdfj0q4rwF+lqctaMNDp0asdfLM+MKDJALD/FSAL9daj'j134kjlZE0had9/sadfj
      MIIC@TCAAACjkjdfsaasdfjiiACASJklsdfi'msdf01ej01d9FMRqodjaldasdk0l
      sdfj0q4rwF+lq'j134kjlZE0had9/sadfjctaMNDp0asdfLM+MKDJALD/FSAL9daj
      j134kjlZE0had9/sadfjMIIC@TCAAACjkjdfsafi'msdf01ej01d9FMRqodjaldas
      k0lasdfjiiACASJklsdsdfj0q4rwF+lqctaMNDp0asdfLM+MKDJALD/FSAL9daj'j
      134kjlZE0aasdfjiiACASJklsdMIIC@TCAAACjkjdfsfi'msdf01ej01d9FMRqodj
      aldasdk0lsdfj0q4rwF+lqctaMNDp0asdfLM+MKDJALD/FSAL9daj'j134kjlZE0h
      ad9/sadfjMIjkjdfsaasdfjiiACASJklsdfi'mIC@TCAAACsdf01eodjaldasdk0l
      j01d9FMRqsdfj0q4rwF+lqctaMNDp0asdfLM+MKDJALD/FSAL9daj'j134kjlZE0j
      had9/sadfjMIIC@TCAAACjkjdfsaasdfjiiACASJklsdfi'msdf01ej01d9FMRqod
      jaldasdk0lsdfj0q4rwF+lqctaMNDp0asdfLM+MKDJALD/FSAL9daj'j134kjlZE0
      jiiACASJklsdfi'msdf01ej01==
      -----END CERTIFICATE-----
      Cert not found in trustore please add the above cert to truststore