2

How can I export public key(.pem) from API Manager's wso2carbon.jks? I want to put it in the /etc/ssl/certs/ca-certificates.crt of my linux server. I do that the above is to solver the problem like me

Community
  • 1
  • 1
Mike
  • 419
  • 1
  • 6
  • 16

2 Answers2

4

Run this command at <APIM_HOME>/repository/resources/security/. This will create a cert file wso2.crt.

keytool -export -alias wso2carbon -file wso2.crt -keystore wso2carbon.jks

Password of default keystore is wso2carbon.

Bee
  • 12,251
  • 11
  • 46
  • 73
2

You can use openssl to extract the public key of the server.

  1. Start the server

  2. execute the command "openssl s_client -connect :" e.g openssl s_client -connect localhost:8243

  3. Copy the cert(BEGIN CERTIFICATE to END CERTIFICATE) from the result

-----BEGIN CERTIFICATE----- MIICNTCCAZ6gAwIBAgIES343gjANBgkqhkiG9w0BAQUFADBVMQswCQYDVQQGEwJV UzELMAkGA1UECAwCQ0ExFjAUBgNVBAcMDU1vdW50YWluIFZpZXcxDTALBgNVBAoM BFdTTzIxEjAQBgNVBAMMCWxvY2FsaG9zdDAeFw0xMDAyMTkwNzAyMjZaFw0zNTAy MTMwNzAyMjZaMFUxCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJDQTEWMBQGA1UEBwwN TW91bnRhaW4gVmlldzENMAsGA1UECgwEV1NPMjESMBAGA1UEAwwJbG9jYWxob3N0 MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCUp/oV1vWc8/TkQSiAvTousMzO M4asB2iltr2QKozni5aVFu818MpOLZIr8LMnTzWllJvvaA5RAAdpbECb+48FjbBe 0hseUdN5HpwvnH/DW8ZccGvk53I6Orq7hLCv1ZHtuOCokghz/ATrhyPq+QktMfXn RS4HrKGJTzxaCcU7OQIDAQABoxIwEDAOBgNVHQ8BAf8EBAMCBPAwDQYJKoZIhvcN AQEFBQADgYEAW5wPR7cr1LAdq+IrR44iQlRG5ITCZXY9hI0PygLP2rHANh+PYfTm xbuOnykNGyhM6FjFLbW2uZHQTY1jMrPprjOrmyK5sjJRO4d1DeGHT/YnIjs9JogR Kv4XHECwLtIVdAbIdWHEtVZJyMSktcyysFcvuhPQK8Qc/E/Wq8uHSCo= -----END CERTIFICATE-----

  1. open the /etc/ssl/certs/ca-certificates.crt and append the cert content retrieved in step 3
Jenananthan
  • 1,381
  • 2
  • 10
  • 20
  • why is it "localhost:8243"? Then why does The API Console generate the ip "https://172.17.0.1"? – Mike Dec 29 '16 at 14:10