Creating a jks file for Mashery mutual SSL

Article ID: KB0074836

Products Versions
TIBCO Cloud API Management -

Description

Follow the steps below to create a jks file for Mashery.

1) Gather the root, intermediate and domain certificates and the private key that the target server requires to validate the Mashery connection.
2) Convert the domain certificate and private key files to .pem format.
3) Using the .pem certificate and private key files, create a .p12 file. The following command can be used; alternatively, the p12 file can be created in Keystore Explorer.

openssl pkcs12 -export -out keyStore.p12 -inkey myKey.pem -in certs.pem

Note the passphrase used to create this .p12 file. 

4) Create a new jks file and import the p12 file into it. Use the same passphrase from step 3 throughout the import process. The jks file will give errors if a different passphrase is used. The command below can be used to create a jks file from the p12. Alternatively, Keystore Explorer can be used to import the p12 file.

keytool -importkeystore -srckeystore [MY_FILE.p12] -srcstoretype pkcs12 \
 -srcalias [ALIAS_SRC] -destkeystore [MY_KEYSTORE.jks] \
 -deststoretype jks -deststorepass [PASSWORD_JKS] -destalias [ALIAS_DEST]

5) After the jks file is created, import the root and intermediate certificates gathered in step 1 into the jks. The following is an example command to import a certificate file.

keytool -importcert -file certificate.cer -keystore keystore.jks -alias "Alias"

6) After all the files are imported into the jks, the file is ready for testing. A correct jks file will work for an SSL connection between a client and the server. You can use SoapUI to test the jks file. The documentation below (under the title "Use the Client Certificate for One Request") provides details on how to configure a jks file for an API call.

https://www.soapui.org/docs/functional-testing/sending-https-requests/

The call should be run from SoapUI to the origin API server with the jks file configured. If the call works without issues, the jks file has been created correctly. If the call fails, check the SoapUI logs for Java exceptions and make changes to the jks file accordingly. Using the working jks file, create a support case with Mashery and we will work on uploading the jks file to our Cloud traffic managers.
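
Before importing into the jks, the .pem and .p12 files from the earlier steps can be checked with openssl alone. The script below is an added example, not part of the original article or of any TIBCO tooling: it confirms that the private key belongs to the domain certificate and that the .p12 opens with the noted passphrase. The function names and the P12_PASS variable are assumptions, and the private key .pem is assumed to be unencrypted.

```shell
#!/bin/sh
# Added example: pre-flight checks for the .pem and .p12 files, using openssl only.
# P12_PASS is an assumed environment variable holding the passphrase noted for the .p12.

# Succeeds only if the private key and the first certificate in the file
# share the same public key. Returns 2 if either file cannot be parsed.
key_matches_cert() {    # usage: key_matches_cert myKey.pem certs.pem
    key_pub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 2
    cert_pub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 2
    [ "$key_pub" = "$cert_pub" ]
}

# Succeeds only if the .p12 opens with $P12_PASS and the key inside it matches
# the end-entity certificate inside it. The passphrase is read from the
# environment (env:), so it never appears in the process list, and the
# decrypted key only travels through a pipe, never to disk.
p12_is_consistent() {   # usage: P12_PASS=... p12_is_consistent keyStore.p12
    export P12_PASS
    key_pub=$(openssl pkcs12 -in "$1" -passin env:P12_PASS -nocerts -nodes 2>/dev/null \
        | openssl pkey -pubout 2>/dev/null) || return 2
    cert_pub=$(openssl pkcs12 -in "$1" -passin env:P12_PASS -nokeys -clcerts 2>/dev/null \
        | openssl x509 -noout -pubkey 2>/dev/null) || return 2
    [ -n "$key_pub" ] && [ "$key_pub" = "$cert_pub" ]
}

# Run both checks when called as: sh preflight.sh myKey.pem certs.pem keyStore.p12
if [ "$#" -eq 3 ]; then
    key_matches_cert "$1" "$2" || { echo "key and certificate do not match" >&2; exit 1; }
    p12_is_consistent "$3" || { echo "p12 failed the passphrase or key check" >&2; exit 1; }
    echo "ok: key, certificate and p12 are consistent"
fi
```

A failure in the first check means the wrong key or certificate was gathered; a failure in the second usually means the passphrase differs from the one used when the .p12 was created.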

Issue/Introduction

This article provides details on how to create a jks file for Mashery to allow mutual SSL (two-way SSL) authentication between Mashery and the origin API server.