Praveen – I find the easiest way is to convert to pkcs12 (aka .pfx or .pfx) and 
then jks. (Note: JKS is an old and proprietary format. Knox really should 
switch to pkcs12. Keytool will tell you that).

Can you list the files you have for your certificate(s) and key? There are many 
ways to use a .pem so there is no one command to use.

  1.  If everything (cert, cacert, private key) is in the .pem:
```
openssl pkcs12 -export -in server.pem -out server.p12
```

  2.  If they are all separate:
```
openssl pkcs12 -export -in server.cer -inkey server.key -certfile cacert.pem -out server.p12
```

Then convert p12 to pfx (replacing ${pw} with your knox master key).
```
sudo -u knox -i

cd /usr/hdp/current/knox-server/data/security/keystores/

keytool -importkeystore -srckeystore server.p12 -srcstoretype pkcs12 -srcalias 1 \
  -destkeystore gateway.jks -deststoretype jks -destalias gateway-identity \
  -deststorepass "${pw}" -destkeypass "${pw}"

/usr/hdp/current/knox-server/bin/knoxcli.sh create-alias gateway-identity-passphrase \
  --value "${pw}"
```

--
Sean Roberts

From: "Ravikumar, Praveen Krishnamoorthy" <rpkr...@amazon.com>
Reply-To: "user@knox.apache.org" <user@knox.apache.org>
Date: Friday, 24 August 2018 at 04:53
To: "user@knox.apache.org" <user@knox.apache.org>
Subject: Need help in importing .pem(CA certificate) to knox

Greetings,

I need help importing a CA-signed certificate into Knox. I have a certificate in 
.pem file format registered for a domain name. The Knox documentation had the steps 
to import a .cert file but not for the .pem file format.

Could anyone please let me know the steps to import the .pem file certificate 
in Apache Knox?

Thanks,
Praveen.
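
The reply above notes that a .pem can hold different things, so the export command depends on its contents. The script below is an added example, not part of the thread: it counts the certificate and private-key blocks in a PEM file and prints which of the two `openssl pkcs12 -export` forms applies. The function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): inventory the blocks in a PEM file and
# name which of the two "openssl pkcs12 -export" forms applies to it.

# Count PEM blocks whose BEGIN label matches the extended regex in $2.
pem_count() {
    # grep -c exits 1 on zero matches; "|| true" keeps this safe under set -e.
    grep -c -E -- "^-----BEGIN ($2)-----" "$1" || true
}

# Print bundle | certs-only | key-only | empty for the file in $1.
pem_classify() {
    [ -r "$1" ] || { echo "unreadable"; return 1; }
    certs=$(pem_count "$1" 'CERTIFICATE')
    keys=$(pem_count "$1" '(RSA |EC |ENCRYPTED )?PRIVATE KEY')
    if [ "$certs" -gt 0 ] && [ "$keys" -gt 0 ]; then echo "bundle"
    elif [ "$certs" -gt 0 ]; then echo "certs-only"
    elif [ "$keys" -gt 0 ]; then echo "key-only"
    else echo "empty"
    fi
}

# Print the export command form for $1; <...> marks files you must supply.
pkcs12_plan() {
    case $(pem_classify "$1") in
        bundle)     echo "openssl pkcs12 -export -in $1 -out server.p12" ;;
        certs-only) echo "openssl pkcs12 -export -in $1 -inkey <key> -certfile <cacert> -out server.p12" ;;
        *)          echo "no certificate in $1"; return 1 ;;
    esac
}

# Constructed sample files: only the BEGIN/END labels matter to the check,
# the bodies are placeholders and not real certificate or key material.
sample_dir=$(mktemp -d)
trap 'rm -rf "$sample_dir"' EXIT
pem_block() { printf '%s\n' "-----BEGIN $1-----" "PLACEHOLDER" "-----END $1-----"; }
{ pem_block CERTIFICATE; pem_block CERTIFICATE; pem_block 'PRIVATE KEY'; } > "$sample_dir/bundle.pem"
{ pem_block CERTIFICATE; } > "$sample_dir/leaf.pem"
{ pem_block 'RSA PRIVATE KEY'; } > "$sample_dir/key.pem"

for f in bundle.pem leaf.pem key.pem; do
    printf '%-11s %-10s %s\n' "$f" "$(pem_classify "$sample_dir/$f")" \
        "$(pkcs12_plan "$sample_dir/$f" || true)"
done
```

A file classified as `key-only` or `empty` (for example a certificate signing request) has nothing to export until the matching certificate is located.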

