If you want to use Unimus with HTTPS using a CSR to generate a CA-signed certificate, the process is similar to Unimus HTTPS with a self-signed cert.
On Linux:
Set "keytool" path
```bash
JAVA_HOME=/usr/lib/jvm/java-11-openjdk-amd64
KEYTOOL=$JAVA_HOME/bin/keytool
```
...
```bash
cd /opt/unimus
$KEYTOOL -genkeypair -alias UnimusHttpsCert -keyalg RSA -keysize 4092 -keystore keystore.pkcs12p12 -storetype PKCS12
```
The command above will ask for a keystore password (remember this for later), as well as other parameters of the certificate.
The details provided here will be present in the certificate.
...
```bash
$KEYTOOL -certreq -alias UnimusHttpsCert -keyalg RSA -file unimus-csr.pem -keystore keystore.pkcs12p12
```
This will generate the "unimus-csr.pem" CSR file.
...
```bash
$KEYTOOL -importcert -alias UnimusHttpsCert -file cert.pem -keystore keystore.pkcs12p12
```
Modify Unimus service configuration
...
```bash
vim /etc/default/unimus
# append behind existing config, all on same line
-Dserver.ssl.key-store=/opt/unimus/keystore.pkcs12p12 -Dserver.ssl.keyStoreType=PKCS12 -Dserver.ssl.keyAlias=UnimusHttpsCert -Dserver.ssl.key-store-password=[insert password here]
```
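Two things commonly go wrong in the Linux steps above: the CA reply ends up under a different alias (so the key entry keeps its self-signed certificate), and the file that now holds the keystore password stays world-readable. The script below is an added example, not part of the Unimus documentation; the function names and the sample `keytool -list -v` output are constructed for illustration, and `stat -c` assumes GNU coreutils.

```bash
#!/usr/bin/env bash
# Added example, not Unimus code. The sample keytool output below is constructed.

# Reads `keytool -list -v -alias <alias> ...` output on stdin. Fails unless the alias
# is a PrivateKeyEntry whose leaf certificate has Issuer != Owner, i.e. the CA reply
# replaced the self-signed certificate created by -genkeypair.
check_entry() {
  awk '
    /^Entry type:/                { type = $3 }
    /^Certificate chain length:/  { len = $4 }
    /^Certificate\[1\]:/          { leaf = 1 }
    leaf && /^Owner:/  && !owner  { owner  = substr($0, 8) }
    leaf && /^Issuer:/ && !issuer { issuer = substr($0, 9) }
    END {
      if (type != "PrivateKeyEntry") { print "FAIL: entry type is " type; exit 1 }
      if (owner == issuer) { print "FAIL: leaf is still self-signed: " owner; exit 1 }
      print "OK: " owner " issued by " issuer " (chain length " len ")"
    }'
}

# Fails if the given file (it contains -Dserver.ssl.key-store-password) has any
# read/write/execute bit set for "other".
check_secret_file() {
  mode=$(stat -c '%a' "$1") || return 1
  case "$mode" in
    *0) echo "OK: $1 has mode $mode" ;;
    *)  echo "FAIL: $1 has mode $mode and holds the keystore password"; return 1 ;;
  esac
}

SAMPLE_SIGNED='Alias name: unimushttpscert
Entry type: PrivateKeyEntry
Certificate chain length: 2
Certificate[1]:
Owner: CN=unimus.example.com, O=Example Corp
Issuer: CN=Example Issuing CA
Certificate[2]:
Owner: CN=Example Issuing CA
Issuer: CN=Example Root CA'

SAMPLE_SELF_SIGNED='Alias name: unimushttpscert
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=unimus.example.com, O=Example Corp
Issuer: CN=unimus.example.com, O=Example Corp'

printf '%s\n' "$SAMPLE_SIGNED"      | check_entry || true
printf '%s\n' "$SAMPLE_SELF_SIGNED" | check_entry || true
# Real use: "$KEYTOOL" -list -v -alias UnimusHttpsCert -keystore keystore.pkcs12p12 | check_entry
#           check_secret_file /etc/default/unimus
```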
On Windows:
On Windows, you can usually generate the CSR using the Windows built-in Certificate Manager. This CSR can then be signed by your Windows CA.
Once the CSR is signed, you will usually import the certificate into your local Trust Store. You can then export both the cert and its key into a .pfx store.
Once you have a .pfx store with both the cert and the key present, you can convert that into the .p12 format Unimus needs using:
```bat
set JAVA_HOME=C:\Program Files\Unimus\jre11
set KEYTOOL=%JAVA_HOME%\bin\keytool
cd "C:\Program Files\Unimus"
rem Quote the path: JAVA_HOME contains a space
"%KEYTOOL%" -list -storetype PKCS12 -keystore your-pfx-file-path-here.pfx -storepass keystore_password
```
Note the alias of the certificate you want to use. Then you can run:
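```bat
rem -importkeystore copies the key and its certificate chain; -import only reads a certificate file
"%KEYTOOL%" -importkeystore -srckeystore your-pfx-file-path-here.pfx -srcstoretype PKCS12 -srcstorepass keystore_password -srcalias alias_here -destkeystore unimus.keystore.p12 -deststoretype PKCS12 -deststorepass keystore_password -destalias alias_here
```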
After you generate the .p12 store, you can use it in Unimus' config file like this:
```
-Dserver.ssl.key-store="C:\\Program Files\\Unimus\\unimus.keystore.p12"
-Dserver.ssl.keyStoreType=PKCS12
-Dserver.ssl.keyAlias=[insert alias here]
-Dserver.ssl.key-store-password=[insert password here]
```