



If you already have a PKCS#12 key, obtained from a certificate authority or elsewhere, and want to use it in NetLD, follow the steps below.


In the command examples below, PFX_FILE is the key file name, and KEY_NAME is the name of the key in the PKCS#12 file.


Virtual Appliance:

On a new Virtual Appliance (VA) all keytool commands must be run from /usr/share/netld/java/bin.


[tcadmin@netld]$ cd /usr/share/netld/java/bin
[tcadmin@netld]$ sudo keytool -importkeystore -srcstoretype pkcs12 -destkeystore /data/netld/.keystore -deststoretype pkcs12 -deststorepass ziptie -destalias ziptie -destkeypass ziptie -srckeystore <PFX_FILE> -srcalias <KEY_NAME>


After updating the certificate, the virtual appliance needs to be restarted in order for the new certificate to take effect.


If you need to delete the existing SSL certificate, enter the following command:


[tcadmin@netld]# sudo /usr/share/netld/java/bin/keytool -delete -alias ziptie -keystore /data/netld/.keystore


Linux:


[root@netld]# cd /usr/share/netld

[root@netld]# keytool -importkeystore -srcstoretype pkcs12 -destkeystore config/.keystore -deststoretype jks -deststorepass ziptie -destalias ziptie -destkeypass ziptie -srckeystore <PFX_FILE> -srcalias <KEY_NAME>


If you don't know the KEY_NAME in the existing key file, you can run this command and it will show the name as the "friendlyName":


[root@netld]# openssl pkcs12 -info -in <PFX_FILE> -nokeys

If you need to delete the existing SSL certificate, enter the following command:


[root@netld]# keytool -delete -alias ziptie -keystore config/.keystore -storepass ziptie

 *If you are importing a PEM file instead of a PFX file* 


[root@netld]# keytool -import -alias ziptie -keystore config/.keystore -file <PEM_FILE>

After replacing the file, please restart the netld service.
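
The Linux steps above can be checked before the restart with the following added example, which is not part of the NetLD documentation: it extracts the friendlyName values from the `openssl pkcs12 -info` output and confirms that the certificate stored under alias ziptie is the one in the PFX file. The helper names, the script name and the sample text are assumptions made for illustration; the store password and alias are the ones used on this page.

```shell
#!/bin/sh
# Added example; helper names and the sample text below are constructed.

# Print each friendlyName found in `openssl pkcs12 -info -nokeys` output (stdin).
pfx_friendly_names() {
    sed -n 's/^[[:space:]]*friendlyName:[[:space:]]*//p' | sort -u
}

# SHA-256 fingerprint of the leaf certificate inside a PKCS#12 file.
pfx_fingerprint() {        # usage: pfx_fingerprint <PFX_FILE> <PFX_PASSWORD>
    openssl pkcs12 -in "$1" -nokeys -clcerts -passin "pass:$2" |
        openssl x509 -noout -fingerprint -sha256 | cut -d= -f2
}

# SHA-256 fingerprint of the certificate stored under an alias in a keystore.
keystore_fingerprint() {   # usage: keystore_fingerprint <KEYSTORE> <STOREPASS> <ALIAS>
    keytool -exportcert -rfc -keystore "$1" -storepass "$2" -alias "$3" |
        openssl x509 -noout -fingerprint -sha256 | cut -d= -f2
}

# True only when both fingerprints are non-empty and identical, so a failed
# lookup on either side can never count as a match.
same_cert() {
    [ -n "$1" ] && [ "$1" = "$2" ]
}

# Compare the PFX certificate with the one now stored under alias ziptie.
check_import() {           # usage: check_import <PFX_FILE> <PFX_PASSWORD> <KEYSTORE>
    same_cert "$(pfx_fingerprint "$1" "$2")" \
              "$(keystore_fingerprint "$3" ziptie ziptie)"
}

# Constructed sample of the attribute lines openssl prints before a certificate.
SAMPLE_INFO='Bag Attributes
    localKeyID: 01 02 03 04
    friendlyName: netld-server
subject=CN = netld.example.com
issuer=CN = Example Issuing CA'

# Run the check only when called with arguments, e.g.:
#   sh check_import.sh server.pfx <PFX_PASSWORD> config/.keystore
if [ "$#" -eq 3 ]; then
    check_import "$1" "$2" "$3" && echo "keystore matches PFX" || echo "MISMATCH"
fi
```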

Windows:

Open a cmd.exe shell as Administrator and execute the following command in the Net LineDancer installation directory:


C:\Program Files\Net LineDancer> java\bin\keytool -importkeystore -srcstoretype pkcs12 -destkeystore config\.keystore -deststoretype jks -deststorepass ziptie -destalias ziptie -destkeypass ziptie -srckeystore <PFX_FILE> -srcalias <KEY_NAME>

If you don't know the KEY_NAME in the existing key file, you can run this command with OpenSSL and it will show the name as the "friendlyName":


C:\Program Files\Net LineDancer> openssl pkcs12 -info -in <PFX_FILE> -nokeys

If you need to delete the existing SSL certificate, enter the following command:


C:\Program Files\Net LineDancer> java\bin\keytool -delete -alias ziptie -keystore config\.keystore -storepass ziptie


After replacing the file, please restart the netld service.


If you want to upgrade the certificate, change to the Java\bin folder under the directory where NetLD is installed.


C:\Program Files\Net LineDancer\Java\bin


Enter the following command to delete the existing certificate.


C:\Program Files\Net LineDancer\Java\bin> keytool -delete -alias ziptie -keystore ..\..\config\.keystore -storepass ziptie


Then import the new certificate.


C:\Program Files\Net LineDancer\Java\bin> keytool -importkeystore -srcstoretype pkcs12 -destkeystore ..\..\config\.keystore -deststoretype jks -deststorepass ziptie -destalias ziptie -destkeypass ziptie -srckeystore <PFX_FILE> -srcalias <KEY_NAME>


Please restart the netld service.