Example .jks file generation
The .jks domain file is required for the Securosys XKS proxy to authenticate to your domain. To correctly configure the Securosys XKS proxy a path to the .jks file must be adapted in the application.yaml file, see parameter ssl: key-store in chapter 3.2Securosys XKS proxy configuration.
There are multiple ways to generate a .jks file. In this example we are using openssl and keytool utilities. It is required to have these utilities preinstalled on the device where the .jks file will be created.
A prerequired step for this example is to generate a certificate for your domain. For the next steps you will require your *.ca, *.crt files and a private key.
To generate a .jks from these files it is required to combine your *.crt and *.ca files. Manually copy all data from *.ca into *.crt, and then you can use the following command. When prompted provide a password for the newly generated .p12 file Replace the file names "exanple.crt" and "example.key" with your own.
openssl pkcs12 -export -in exanple.crt -inkey example.key -out abc.p12
To generate the .jks file execute the following command with the java keytool utility. When prompted provide the same password used with the openssl command. Replace the "example" file names with your own:
keytool -importkeystore -srckeystore example.p12 \
srcstoretype PKCS12 \
destkeystore example.jks \
deststoretype JKS
To import your .jks file to the AWS EC2 instance where the Securosys XKS Proxy will be installed.