This appendix demonstrates how to import the X.509 certificate exported from the Red Hat Enterprise Virtualization server (See Section 2.1, “TLS/SSL Certification” for information on certificate exports) into a new Java keystore file.
Procedure B.1. Import a certificate into a new Java keystore
This process helps a user import the
rhevm.cer certificate from Section 2.1, “TLS/SSL Certification” into a Java keystore. This procedure requires the keytool management utility from the Java Development Kit (JDK) available for Linux and Windows systems.
- Access your client machine and locate the
rhevm.cercertificate. - Import the
rhevm.cercertificate using the Java keytool management utility.keytool -importcert -v -trustcacerts -keystore restapi.jks -noprompt -alias rhevm -file rhevm.cer
The keytool utility creates a new keystore file namedrestapi.jks. - keytool asks for the keystore password. Enter a password and keytool asks to verify it.
- keytool adds the
rhevm.cercertificate to therestapi.jkskeystore. Use keytool -list command to view the certificate's entry in the keystore:keytool -list -keystore restapi.jks -storepass [password]
Important
Some versions of keytool parse the certificate incorrectly. If keytool does not recognise the certificate, convert it to a different X.509 format with the openssl tool:
openssl x509 -in rhevm.cer -out rhevm.new -outform [pem|der]This creates a file called
rhevm.new to use in place of rhevm.cer.