Reset Search
 

 

Article

KB2453 - How to obtain a Javasoft Certificate for the Pulse Connect Secure devices

« Go Back

Information

 
Last Modified Date6/27/2018 6:34 PM
Synopsis
How to obtain a Javasoft Certificate for the Pulse Connect Secure devices
Problem or Goal
The PCS uses Javasoft Certificates to sign applets that run using the Oracle JVM.  Before you can purchase your certificate from either Thawte or VeriSign, a CSR needs to be generated. Once you have imported your purchased certificate into the keystore file, you can import  the keystore into the PCS.
 
Cause
Solution
  1. Download the Java Software Development Kit (SDK). The Java SDK is available free of charge from Oracle.  Use the following tool to apply for your Code Signing Digital ID and sign your code: keytool
  2. Generate a public/private key pair.  This command wraps the public key into an X.509 v1 self-signed certificate, which is stored as a single-element certificate chain. This certificate chain and the private key are stored in a new keystore entry identified by alias.
C:\Program Files\jdk\bin\keytool -genkey -keyalg rsa -keystore <KeyStoreName> -alias <PrivateKeyName>
  1. Generate a Code Signing Digital ID Signing Request (CSR)
C:\Program Files\jdk\bin\keytool -certreq -keystore <KeyStoreName> -alias <PrivateKeyName> -file CertReq.txt
  1. Copy the text in the CertReq.txt file and paste it into the Thawte or VeriSign application form.  Please use the link "Code Signing Certificate from Thawte" or the link " or the link "Code Signing Certificate from VeriSign"
  2. Import your Signed Certificate into the Keystore
C:\Program Files\jdk\bin\keytool -import -keystore <KeyStoreName> -alias <PrivateKeyName> -file <SignedCA>.cer
Enter keystore password:
Certificate reply was installed in keystore
  1. Install the keystore file into the PCS using your keystore password for the password. You will need to go to Configuration > Certificates > Code-signing Certificates > Import Certificates

 
In the event that see the error keytool error: java.lang.Exception: Failed to establish chain from reply in Step 5 above, please follow the steps below:
 
  1. Import the Intermediate and Root CA to the keystore:
C:\Program Files\jdk\bin\keytool -import -trustcacerts -keystore <KeyStoreName> 
-alias <ROOT CA NAME> -file <ROOT CA>.cer
C:\Program Files\jdk\bin\keytool -import -trustcacerts -keystore <KeyStoreName> 
-alias <ROOT CA NAME> -file <Intermed CA>.cer
  1. List the certs in the keystore to ensure the Root and Intermediate CA's are installed.
C:\Program Files\jdk\bin\keytool -list -Keystore <KeyStoreName>
Enter keystore password:

Keystore type: JKS
Keystore provider: SUN

Your keystore contains 3 entries

rootca, Nov 5, 2009, trustedCertEntry,
Certificate fingerprint (MD5): 49:EE:C3:6F:1C:62:31:CB:AF:18:67:27:6F:94:AD:5F
intermca, Nov 5, 2009, trustedCertEntry,
Certificate fingerprint (MD5): 49:EE:C3:6F:1C:62:31:CB:AF:18:67:27:6F:94:AD:GF
privatekey, Nov 5, 2009, PrivateKeyEntry,
Certificate fingerprint (MD5): 2C:26:1A:87:2D:25:69:A2:AE:68:72:C4:4A:1F:A5:59
  1. Install the signed certificate
C:\Program Files\jdk\bin\keytool -import -keystore <KeyStoreName> 
-alias <PrivateKeyName> -file <SignedCA>.cer
Enter keystore password:
Certificate reply was installed in keystore
  1. Delete the Root and Intermediate CA from the keystore.
C:\Program Files\jdk\bin\keytool -delete -alias RootCA -keystore <KeyStoreName>
C:\Program Files\jdk\bin\keytool -delete -alias InterMCA -keystore <KeyStoreName>
  1. List the certs in the keystore to ensure the Root and Intermediate CA's are now removed.
C:\Program Files\jdk\bin\keytool -list -Keystore <KeystoreName>
Enter keystore password:

Keystore type: JKS
Keystore provider: SUN

Your keystore contains 1 entry

privatekey, Nov 5, 2009, PrivateKeyEntry,
Certificate fingerprint (MD5): 2C:26:1A:87:2D:25:69:A2:AE:68:72:C4:4A:1F:A5:59
  1. Install the keystore file into the PCS using your keystore password for the password.  Go to Configuration > Certificates > Code-signing Certificates > Import Certificates
Related Links
Attachment 1 
Created ByData Deployment

Feedback

 

Was this article helpful?


   

Feedback

Please tell us how we can make this article more useful.

Characters Remaining: 255