Highlighted
Micro Focus Expert
Micro Focus Expert
204 views

(SP/Propel) Support Tip: how to apply and verify custom SSL certificates in SMSP and Propel

1. how to replace with custom SSL certificaties in SMSP

 - please refer to official document.
 https://docs.software.hpe.com/SM/9.52/Hybrid/Content/install/smsp_install/replace_smsp_oob_ssl_certificate.htm

 

2. how to verify custom SSL certificates files

 1) SSL certificates files in SMSP

   /opt/hp/propel/security

      CA.crt      // Certified Authority certification file, PEM format

      .keystore   // Java Keystore file where Propel/SMSP host's certification is imported

      propel_host.chain.crt // merged PEM format certification for CA.crt, propel_host.crt and other certified hosts

      propel_host.crt      // Propel/SMSP host's certification file, PEM format

      propel_host.key.rsa // Propel/SMSP host's RSA private key

      propel_host.pfx    // Propel/SMSP host's KCS#12 format

      propel.truststore   // Java Keystore file where all trusted host certifications are imported

 1.png

 

2) verification  ( same to any set of certification files, OOB and custom both )

  • CA.crt

% openssl x509 -issuer -subject -dates -noout -in CA.crt

 2.png

 

  • .keystore

% keytool -list -v -keystore .keystore

3.png

propel2014 as default password

 

  • propel_host.chain.crt

% openssl x509 -issuer -subject -dates -noout -in propel_host.chain.crt

 4.png

 

  • propel_host.crt

% openssl x509 -issuer -subject -dates -noout -in propel_host.crt

 5.png

 

  • propel_host.key.rsa

We can see details of private key by below command, however, it is more important to verify matching between private key and public key

%openssl rsa -noout -text -in propel_host.key.rsa

 verify matching between private key(propel_host.key.rsa) and public key(propel_host.crt)

% openssl x509 -pubkey -in propel_host.crt -noout | openssl md5

% openssl pkey -pubout -in propel_host.key.rsa | openssl md5

 6.png

 

  • propel_host.pfx

% openssl pkcs12 -info -in propel_host.pfx

7.png8.png

propel2014 as default password

 

  • propel.truststore

% keytool -list -v -keystore propel.truststore

9.png10.png

propel2014 as default password

 

Labels (1)
0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.