G'day Brian,

Thanks for the update.

The reason why I couldn't join was because MS decided to verify my account and the verification took 2 1/2 hours to arrive. By that time it was too late. Darrell found out afterwards that the delay was between two of the MS servers.

Sorry about that, but it is one of the reasons why we don't use MS products.

This is, from my perspective, very technical and that is why we use Darrell for this sort of work. I am self-taught and design systems using databases for our work. Hence my love of SB+.

Thanks for your help.

Alex

On 23/4/21 10:32 pm, Brian Cram via Rocket Forum wrote:
Hi, Alex. I had a meeting with your guy and MBS ( you were invited but I don't think you joined ). We went through the process and here's what we...
Re: SSL Certificates
Brian Cram
Apr 23, 2021 10:30 AM
Hi, Alex. I had a meeting with your guy and MBS ( you were invited but I don't think you joined ). We went through the process and here's what we determined:

The problem with importing the wildcard certificate into the MVS Toolkit keystore had nothing to do with the fact that it was a wildcard certificate but rather that it was not from a sufficiently-trusted Certificate Authority. The way they got around it was to create a .PEM file that had a sufficiently-trusted certificate followed by the wildcard certificate followed by the private key as follows ( edited for brevity and security ):

-----BEGIN CERTIFICATE-----
MIIFvjCCBKagAwIBAgISAzMCsFkt1ZFCjM1IW9vy3ERVMA0GCSqGSIb3DQEBCwUA
( edited )
ExYXodzx1ZjG4Lr1S0d2S+psKWy41Yqwg8a1/nGKMi5exQ==
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIEZTCCA02gAwIBAgIQQAF1BIMUpMghjISpDBbN3zANBgkqhkiG9w0BAQsFADA/
( edited )
UdHkhVNcsAKX1H7GNNLOEADksd86wuoXvg==
-----END CERTIFICATE-----
-----BEGIN RSA PRIVATE KEY-----
tQ2TKKvqoK/5jWhD50tdZEQVEFJUXVMvmw08TwIDWpVEDZd8+L40y8aAB9FqGX7z
( edited )
bxU8rX3s9YnMMGyp4BiKGPoiDTGsiE9v+vVorcYW3XGOZaPrjlpMcorI6Ugk0Dwj
-----END RSA PRIVATE KEY-----

The steps for creating the Java Keystore used by the MVS Toolkit were:

1) Aggregate the two certificates and private key into one .PEM file
2) Use OpenSSL to convert the .PEM file to a .PKCS12 file
3) Use the JDK's keytool utility to create an empty keystore file ( .KS )
4) Use the JDK's keytool utility to import that .PKCS12 file into that keystore file ( .KS )

One annoyance is that if there are any failures using OpenSSL and/or keytool, the errors thrown are rather cryptic. This is not a weakness in the Toolkit itself, but rather the third-party open-source utilities: OpenSSL and the JDK ( Java Development Kit ).

The good news is that your resource now knows how to do this easily and will be able to deal with certificate expiration very easily next time.

Thanks, Alex.

------------------------------
Brian S. Cram
Principal Technical Support Engineer
Rocket Software
------------------------------
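
The four keystore steps from Brian's post, as an added shell example (not code from the post or from Rocket Software): `check_bundle` tests the aggregated .PEM before conversion, so a key that matches no certificate, an expired certificate or a missing issuer fails with a readable message rather than a cryptic OpenSSL or keytool error. File names, the alias, the `KS_PASS` variable and the JKS store type are assumptions; `keytool -importkeystore` creates the destination keystore when it does not exist, so steps 3 and 4 are one command here.

```shell
#!/bin/sh
# Added example; names and KS_PASS are assumptions. Passwords are read from $KS_PASS, not argv.

# make_sample_bundle DIR: constructed test data (throwaway CA + wildcard cert),
# concatenated in the order used in the post: issuer, wildcard cert, key.
make_sample_bundle() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 2 -subj "/CN=Example Test CA" \
        -keyout "$1/ca.key" -out "$1/ca.pem" 2>/dev/null
    openssl req -newkey rsa:2048 -nodes -subj "/CN=*.example.test" \
        -keyout "$1/leaf.key" -out "$1/leaf.csr" 2>/dev/null
    openssl x509 -req -in "$1/leaf.csr" -CA "$1/ca.pem" -CAkey "$1/ca.key" \
        -CAcreateserial -days 1 -out "$1/leaf.pem" 2>/dev/null
    cat "$1/ca.pem" "$1/leaf.pem" "$1/leaf.key" > "$1/bundle.pem"
}

# check_bundle PEM: run before step 2 so a bad bundle fails with a clear message.
check_bundle() (
    d=$(mktemp -d); trap 'rm -rf "$d"' EXIT     # the split-out key copy is removed
    awk -v d="$d" '/-----BEGIN CERTIFICATE-----/ { n++; f = d "/cert" n ".pem" }
        /-----BEGIN .*PRIVATE KEY-----/ { f = d "/key.pem" }
        f { print > f }
        /-----END / { f = "" }' "$1"
    [ -s "$d/key.pem" ] || { echo "no private key in $1" >&2; exit 1; }
    keypub=$(openssl pkey -in "$d/key.pem" -pubout)
    leaf=
    for c in "$d"/cert*.pem; do
        [ -e "$c" ] || continue
        if [ "$(openssl x509 -in "$c" -noout -pubkey)" = "$keypub" ]
        then leaf=$c; else cat "$c" >> "$d/issuers.pem"; fi
    done
    [ -n "$leaf" ] || { echo "no certificate matches the private key" >&2; exit 1; }
    openssl x509 -in "$leaf" -noout -checkend 0 >/dev/null ||
        { echo "certificate has expired" >&2; exit 1; }
    openssl verify -partial_chain -CAfile "$d/issuers.pem" "$leaf" >/dev/null 2>&1 ||
        { echo "certificate does not verify against the rest of the bundle" >&2; exit 1; }
)

# pem_to_p12 PEM P12 ALIAS: step 2 (OpenSSL pairs the key with its certificate).
pem_to_p12() {
    check_bundle "$1" && openssl pkcs12 -export -in "$1" -name "$3" \
        -out "$2" -passout env:KS_PASS
}

# p12_to_keystore P12 KS: steps 3 and 4; keytool creates KS if absent (JKS type assumed).
p12_to_keystore() {
    keytool -importkeystore -noprompt \
        -srckeystore "$1" -srcstoretype PKCS12 -srcstorepass:env KS_PASS \
        -destkeystore "$2" -deststoretype JKS -deststorepass:env KS_PASS
}
```

With `KS_PASS` exported, a real bundle is processed with `pem_to_p12 bundle.pem toolkit.p12 toolkit && p12_to_keystore toolkit.p12 toolkit.ks`. The aggregated .PEM and the .p12 both contain the private key, so delete them or restrict their permissions once the keystore is built.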