What are the steps for setting up a cert for UMP. I have https running but the cert isn't valid, we are going to obtain one and I just need to be sure of the steps to get the cert installed for UMP.
There is some good information in this thread about SSL setup in the UMP:
In my experience, you have to generate the CSR from the wasp keystore (either using the callback in the wasp or using the keytool command). I have not found a way to take a certificate that was signed from an external CSR and add it successfully to the wasp keystore. The problem with that is the private key; I could not import an external private key even with the keytool command.
Attached is a document that has most of the steps to accomplish your task. My steps will deviate from yours as my cert was generated outside of the WASP. I believe I have solved Keith's issue with the regards to adding it to the WASP keystore.
Hope this helps and good luck
Nice work! Now that I see your instructions about how to import the private key into the wasp keystore, I am sort of glad I gave up on it and just went the easy route of generating the 2048-bit key pair and CSR using the keytool command. That is quite the process.
Yes very nice doc I had everything working fine just didn't reinitalize the keystore pass once that was done everything worked fine thanks for your help and this doc works better than the the link here in the forum.
I had to go through this exercise last week and can confirm that Brandon's instructions work!
We started with the certificate in PEM format and the key in a separate file, so we only needed run the latter openssl command but had to include the -inkey option when we ran it.
When we converted the certificate to PKCS12 format with the openssl command, we initially used no password. I had trouble importing the certificate, so eventually I tried recreating the PKCS12 certificate file with a password. I managed to import the password-protected certificate, but then the wasp had problems decrypting it. It finally worked completely when I used the same password on the PKCS12 certificate as on our wasp keystore. However, I suspect I only had to use the same password because I had dropped the password options from the keytool command in the course troubleshooting (and was relying on the command to prompt me for the passwords, which might to work exactly the same way).
Thanks again for figuring this out and posting the instructions, Brandon!
Retrieving data ...