From the Blogosphere
Audit Certificate Inventory in Java/JDK | @CloudExpo #API #Java #Cloud
Generate list of Certificates used in Java environment
By: Asim Saddal
May. 3, 2016 09:35 AM
A digital certificate is an electronic "passport" that allows a person, computer or organization to exchange information securely over the Internet using the public key infrastructure. A digital certificate may also be referred to as a public key certificate. The main purpose of the digital certificate is to ensure that the public key contained in the certificate belongs to the entity to which the certificate was issued.
Digital certificates package public keys, information about the algorithms used, owner or subject data, the digital signature of a Certificate Authority that has verified the subject data, and a date range during which the certificate can be considered valid. Certificates are signed by the Certificate Authority (CA) that issues them. In essence, a CA is a commonly trusted third party that is relied upon to verify the matching of public keys to identity, e-mail name, or other such information.
Any WebSphere administrator already know that managing the SSL certificates in a large complex environment becomes hectic and troublesome because of the different expiration dates of the certificates that WebSphere uses and also the SSL certificates of the external systems that WebSphere Application Server interact with using a secure connection. Multiple administrators in any organization renewing and managing certificates but not keeping track of the expiration dates of certificates.
The purpose of this document describes how to generate a report for all the certificates using in the Java environment by using a simple shell script. The script checks all certificates that are stored in Keystores. The script generates a report in the form of CSV file and the report contains the hostname, Keystore Name, Certificate Alias, Issues to (common name), Issued by, Expire in number of Days and Expiration Date.
1- Create the following Jython script and name it "certsAudit.sh":
2- Copy the “certsAudit.sh” file on the WebSphere server (in /tmp folder).
3- Make sure the target server has any version of Java installed. A “keytool” utility is used by the script which comes with Java
4- Edit the “certsAudit.sh” file and update the “keytoolPath” parameter with the location of the keytool file. Usually it is “JAVA_HOME/bin/keytool”.
5- Edit the “certsAudit.sh” file and update the “keystores” parameter with the targeted Java keystore file name(s) with the path.
6- Edit the “certsAudit.sh” file and update the “password” parameter with the targeted Java keystore password.
7- Change the user to WASUSER and the file permission, if needed
8- Go to the “/tmp” folder, where the script file is copied
9- Run the following command.
10- Once the script executed, it will create "/tmp/certsLogFile.csv" file
11- Copy the "certsLogFile.csv" file the desktop by using the ftp/scp client
12- Review the csv file
Latest AJAXWorld RIA Stories
Subscribe to the World's Most Powerful Newsletters
Subscribe to Our Rss Feeds & Get Your SYS-CON News Live!
SYS-CON Featured Whitepapers
Most Read This Week