I am trying to generate a CSR using the wasp probe function ssl_generate_csr.
It has a variable called x500_distinguished_name.
Looking for some guidance on the format of this string.
So the value for the parameter should be formatted like this:
c=US, s=Ohio, l=Nimsoft, o=My Company, ou=My Department, cn=www.myurl.com
Although the CSR isn't outputted to a file, so you need to use the Probe Utility GUI.
You can double click the value in the left pane of the Probe Utility and then you can use CTRL+C to copy your CSR.
Were you able to get an SSL Certificate from a trusted third party? I just found out that Nimsoft does not support 2048-bit encryption and this is a requirement of our trusted third party for all SSL certs.
I just went through this exercise and ran into the same problem. It is not an issue of lack of support for 2048-bit keys. I have found that the wasp can handle a 2048-bit private key just fine. The problem is that the callback the wasp makes available to generate the CSR uses a default key length of 1024 bits (which is the same as the default for the Java keytool command).
I managed to generate a 2048-bit private key manually using the Java keytool command. You need the password for the keystore in order to use the keytool command on it. You can set the password on the keystore by using the ssl_reinitialize_keystore callback. Then you can go to the wasp/conf directory and run the following command:
..\..\..\..\jre\jre1.6.0_17\bin\keytool -genkeypair -alias wasp -keyalg RSA -keystore wasp.keystore -keysize 2048
If you have the newer JRE installed, you might need to use jre1.6.0_24 instead of jre1.6.0_17 in the path above.
After the keystore contains a 2048-bit private key, you can generate a CSR using the following command:
..\..\..\..\jre\jre1.6.0_17\bin\keytool -certreq -keystore wasp.keystore -alias wasp -file certreq.csr
Then you can import the signed certificate and root certificate as usual, which is covered in the documentation.
Looking at my notes a bit more, I noticed that I also deleted the existing private key before generating a new keypair. I am not sure if that was necessary or if reinitializing the keystore does that automatically. Here is the command to delete the private key the wasp generates by default:
..\..\..\..\jre\jre1.6.0_17\bin\keytool -delete -alias wasp -keystore wasp.keystore
And here is how you can view the contents of the keystore to determine if anything is in there:
..\..\..\..\jre\jre1.6.0_17\bin\keytool -list -keystore wasp.keystore
Thanks, will give this a try. Do I enter in my distinguished name info when generating the private key or when I generate the CSR?
It's prompting me for that. Please disregard my last post.
All good so far. I got my certificate from my Trusted provider. When I try to use http://localhost/wasp_upload_certificate.jsp, however, it redirects to my UMP login page. Any thoughts?
I think some versions of the documentation have the URL wrong. Try this:
Sorry, I should have clarified. I get redirected to the UMP login when I try to go to either https://localhost/jsp/wasp_upload_certificate.jsp or https://localhost/wasp_upload_certificate.jsp.
If I go to either http://localhost/jsp/wasp_upload_certificate.jsp or http://localhost/wasp_upload_certificate.jsp, I get a page cannot be displayed error. I wonder if I am missing a service that the Wasp needs to be running?
What version of UMP?
Latest version. 2.1.2
Seems like something is missing. Nothing to my knowledge is getting served up to port 80.
What port are you using for the UMP? The default is port 8084:
We are using 8081. I think this is a carryover from SDP. I've already tried the link using port number 8081, etc. and it redirects to the UMP login page.
I changed the HTTP port to 8084 just to try it and the same thing happened. But on a hunch, I cleared all history, form data, etc. from IE and bingo the correct screen came up!
I was then able to upload my certificates (Apache type), restart the WASP and voila! Thanks for your help!
Somehow uploading via the portal did not work for me. I used the usual JKS SSL certificate import after generating the CSR and buying the cert via the VeriSign website.
I imported the root and intermediate certs first; afterwards I imported the cert that I requested.
E:\Nimsoft\probes\service\wasp\conf>..\..\..\..\jre\jre1.6.0_17\bin\keytool -import -trustcacerts -alias root -keystore wasp.keystore -file root.cer
Enter keystore password:
Owner: CN=VeriSign Class 3 Public Primary Certification Authority - G5, OU="(c) 2006 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
Issuer: CN=VeriSign Class 3 Public Primary Certification Authority - G5, OU="(c) 2006 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
Serial number: 18dad19e267de8bb4a2158cdcc6b3b4a
Valid from: Wed Nov 08 08:00:00 SGT 2006 until: Thu Jul 17 07:59:59 SGT 2036
Certificate fingerprints:
Signature algorithm name: SHA1withRSA
#1: ObjectId: 18.104.22.168 Criticality=true KeyUsage [
#2: ObjectId: 22.214.171.124 Criticality=true BasicConstraints:[
#3: ObjectId: 126.96.36.199 Criticality=false SubjectKeyIdentifier [ KeyIdentifier [
0000: 7F D3 65 A7 C2 DD EC BB F0 30 09 F3 43 39 FA 02 ..e......0..C9..
0010: AF 33 31 33 .313
#4: ObjectId: 188.8.131.52.184.108.40.206.12 Criticality=false
Trust this certificate? [no]: yes
Certificate was added to keystore
E:\Nimsoft\probes\service\wasp\conf>..\..\..\..\jre\jre1.6.0_17\bin\keytool -import -trustcacerts -alias cacerts -keystore wasp.keystore -file cacert.cer
-import -alias wasp -keystore wasp.keystore -file ssl_cert.cer
Certificate reply was installed in keystore
Here is the doc I followed to get SSL to work in UMP.