In the first part of this doc - "Step 1: Generate the required certificates and keystores for SSL communication"
we have generated the new keystore.
We have imported the certificated provided by the client - client have provided us with cert.p7b file , this had chained certofocates in it and we extracted all .cer files from it and imported in the new keystore created in above step.
performed remaining all the steps as per the doc mentioned.
Now concern here is - on the client machine where we are accessing the HTTPS URL for analytics application, the certificate shows validity only for three months.(however the cfts provided by client are valid for more than 2 yrs).
Certs received from Client are valid for at least more than 1 yr. but application console does not reflect the same
Impact of this problem : After 3 months we are not able to log into the application, as certificated expires.
Though there is certificate error in the browser, we are able to log into the application.
We followed below 2 approach in extracting and importing the certificate to key store, both are not working
1) Created a new keystore: (this is step where passed CN as prod_gtpm)
3 .pem SSL Creation Instructions
SSL .pem files (concatenated certificate container files), are frequently required for certificate installations when multiple certificates are being imported as one file.
Creating a .pem with the Entire SSL Certificate Trust Chain
1. Download your Intermediate (DigiCertCA.crt), Root (TrustedRoot.crt), and Primary Certificates (your_domain_name.crt).
2. Open a text editor (such as wordpad) and paste the entire body of each certificate into one text file in the following order:
1. The Primary Certificate - your_domain_name.crt
2. The Intermediate Certificate - DigiCertCA.crt
3. The Root Certificate - TrustedRoot.crt
Make sure to include the beginning and end tags on each certificate. The result should look like this:
(Your Primary SSL certificate: your_domain_name.crt)
(Your Intermediate certificate: DigiCertCA.crt)
(Your Root certificate: TrustedRoot.crt)
Save the combined file as your_domain_name.pem. and imported the pem file in keystore.
1) Created a new keystore: (this is step where passed CN as prod_gtpm_obi)