Dealing with certificates in Java is always fun. The keystore Java uses is different from the certificate files you are used to in your web server or node.js. Salesforce is built on Java, so we have to make peace with the keystore. This article outlines the steps to use a LetsEncrypt certificate in a keystore.

- Access to your DNS to add a record (for the challenge)

For this sample I will use the Domain “”

Obtaining a PEM certificate from LetsEncrypt

Easiest is to use the certbot utility on a Linux machine (e.g.

There used to be a tls-sni challenge which was marked insecure, so you want to use the DNS challenge.

    sudo certbot certonly --manual --preferred-challenges dns -d

Convert PEM to PKCS12 format

First concatenate all PEM files into one. Presuming you used the LetsEncrypt mechanism:

    sudo cat /etc/letsencrypt/live//*.pem > fullchain.pem

Then use OpenSSL to convert that into PKCS12 format. Note: if you do that on a Windows command prompt, you must run the command prompt as administrator, otherwise you just get an error.

    openssl pkcs12 -export -out fullchain.pkcs12 -in fullchain.pem

Prepare a Java JKS keystore

You can't just create an empty keystore, so create a new temp key and specify a new keystore, then delete that key. That gives you the empty keystore:

    keytool -genkey -keyalg RSA -alias sfdcsec -keystore sfdcsec.ks
    keytool -delete -alias sfdcsec -keystore sfdcsec.ks

Almost final steps.

    keytool -v -importkeystore -srckeystore fullchain.pkcs12 -destkeystore sfdcsec.ks -deststoretype JKS

Adjust alias for Salesforce import

The Salesforce import utility is picky about alias names.

    keytool -keystore sfdcsec.ks -changealias -alias 1 -destalias demo_example_com

And voilà, you have a properly signed certificate for your Salesforce instance.
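A pre-upload check for the finished keystore, added here as an example and not part of the original post: it reads `keytool -list -v` output and confirms the keystore holds a single private-key entry under the renamed alias. The function names, the single-entry requirement, the minimum chain length of 2 and the sample listing (with the constructed host name demo.example.com) are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): sanity-check a keystore listing
# before uploading the keystore to Salesforce.

# Build an alias of the shape the post uses (demo_example_com) from a host name.
alias_for_domain() {
    printf '%s' "$1" | tr 'A-Z' 'a-z' | tr -c 'a-z0-9' '_'
}

# Reads `keytool -list -v` output on stdin. Succeeds only if the keystore holds
# exactly one entry, it is named $1, it is a PrivateKeyEntry, and its chain has
# at least $2 certificates (assumed default 2: leaf plus intermediate).
check_keystore_listing() {
    awk -v want="$1" -v min="${2:-2}" '
        { sub(/\r$/, "") }                      # tolerate Windows line endings
        /^Alias name: /               { alias = substr($0, 13); n++ }
        /^Entry type: /               { if (alias == want) type = substr($0, 13) }
        /^Certificate chain length: / { if (alias == want) chain = $NF + 0 }
        END {
            if (n != 1) { print "expected 1 entry, found " (n + 0); exit 1 }
            if (type != "PrivateKeyEntry") { print "no private key entry named " want; exit 1 }
            if (chain < min) { print "chain too short: " (chain + 0); exit 1 }
            print "ok: " want ", chain length " chain
        }'
}

# Constructed sample of the relevant `keytool -list -v` lines (not real output).
SAMPLE_LISTING='Keystore type: JKS

Your keystore contains 1 entry

Alias name: demo_example_com
Creation date: Jan 1, 2024
Entry type: PrivateKeyEntry
Certificate chain length: 2
Certificate[1]:'

# Real use: keytool -list -v -keystore sfdcsec.ks | check_keystore_listing demo_example_com
printf '%s\n' "$SAMPLE_LISTING" | check_keystore_listing "$(alias_for_domain demo.example.com)"
```

A failure here means either the temporary `sfdcsec` key or the default alias `1` is still present, or the import produced a certificate-only entry without the private key.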