Importing certificates into JKS (Java Keystore), which is used in the Kafka configuration (sensors):
#Install the Java 11 OpenJDK headless package using yum.
yum install java-11-openjdk-headless-11.0.21.0.9-2.el8.x86_64 -y
#Create a directory at /etc/pki/lassl/ and give read permission recursively.
mkdir /etc/pki/lassl/ && chmod +r /etc/pki/lassl/ -R
cd /etc/pki/lassl/
#Generate a Java KeyStore (JKS) with an RSA key pair, valid for 3650 days.
keytool -keystore client.keystore.jks -alias la -validity 3650 -keyalg RSA -genkey
#Export a PEM certificate and private key to a PKCS12 file using OpenSSL.
openssl pkcs12 -export -in host_domain_com.pem -inkey host_domain_com.key -certfile domainrootca.pem -out host_domain_com.p12
#Import a certificate authority's root certificate into a truststore JKS.
cd /etc/pki/lassl/ && keytool -keystore client.truststore.jks -alias CARoot -import -file domainrootca.pem
#Import the same root certificate into a keystore JKS.
keytool -keystore client.keystore.jks -alias CARoot -import -file domainrootca.pem
#Convert and import a PKCS12 file into the keystore JKS using the specified password.
keytool -importkeystore -deststorepass password -destkeystore client.keystore.jks -srckeystore host_domain_com.p12 -srcstoretype PKCS12
#Repeat the import of the PKCS12 file to the keystore, specifying both source and destination as PKCS12 types.
keytool -importkeystore -srckeystore host_domain_com.p12 -srcstoretype pkcs12 -destkeystore client.keystore.jks -deststoretype pkcs12
#List the contents of the client.keystore.jks using keytool.
keytool -keystore client.keystore.jks -list
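A check to run after the steps above, as an added example that is not part of the original article: it reads `keytool -list` output and confirms that the keystore holds the CARoot certificate and a private key, and that the truststore holds CARoot and no private key. The function names and the sample listings are constructed for illustration.

```shell
#!/bin/sh
# Added example; function names are hypothetical. Input: `keytool -list` output on stdin.

# count_entries TYPE: print the number of entries of TYPE.
count_entries() {
    awk -F', *' -v want="$1" '
        # Entry lines: "alias, date, type," (the date may itself contain a comma)
        NF >= 3 { for (i = 2; i <= NF; i++) if ($i == want) { n++; break } }
        END { print n + 0 }'
}

# has_entry ALIAS TYPE: succeed if ALIAS is listed with entry type TYPE.
# Aliases are compared case-insensitively (keytool may list CARoot as caroot).
has_entry() {
    awk -F', *' -v a="$1" -v want="$2" '
        tolower($1) == tolower(a) { for (i = 2; i <= NF; i++) if ($i == want) found = 1 }
        END { exit !found }'
}

# Keystore: CA certificate under CARoot plus at least one private key.
check_keystore() {
    out=$(cat)
    printf '%s\n' "$out" | has_entry CARoot trustedCertEntry ||
        { echo "keystore: CARoot certificate missing" >&2; return 1; }
    [ "$(printf '%s\n' "$out" | count_entries PrivateKeyEntry)" -ge 1 ] ||
        { echo "keystore: no private key entry" >&2; return 1; }
}

# Truststore: CA certificate under CARoot and no private keys.
check_truststore() {
    out=$(cat)
    printf '%s\n' "$out" | has_entry CARoot trustedCertEntry ||
        { echo "truststore: CARoot certificate missing" >&2; return 1; }
    [ "$(printf '%s\n' "$out" | count_entries PrivateKeyEntry)" -eq 0 ] ||
        { echo "truststore: contains a private key" >&2; return 1; }
}

# Constructed sample listings; fingerprint values are placeholders.
SAMPLE_KEYSTORE='1, Jan 1, 2024, PrivateKeyEntry,
Certificate fingerprint (SHA-256): <placeholder>
caroot, Jan 1, 2024, trustedCertEntry,
Certificate fingerprint (SHA-256): <placeholder>
la, Jan 1, 2024, PrivateKeyEntry,
Certificate fingerprint (SHA-256): <placeholder>'
SAMPLE_TRUSTSTORE='caroot, Jan 1, 2024, trustedCertEntry,
Certificate fingerprint (SHA-256): <placeholder>'

printf '%s\n' "$SAMPLE_KEYSTORE" | check_keystore && echo "keystore OK"
printf '%s\n' "$SAMPLE_TRUSTSTORE" | check_truststore && echo "truststore OK"
```

With the real files, pipe `keytool -list -keystore client.keystore.jks` into `check_keystore` and `keytool -list -keystore client.truststore.jks` into `check_truststore`.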
To activate the certificates for Kibana and Elasticsearch, check after changing the files that the correct access rights are set for the users ‘kibana’ and ‘elasticsearch’ respectively, then restart the kibana and elasticsearch processes:
systemctl restart elasticsearch
systemctl restart kibana