SSL
CREATE CERTIFICATE USING OPENSSL & LOAD CERTIFICATE IN JKS USING OPENSSL
1) Pre steps to add scan name ,alias ,keypassword and CN in ssl_config.ini
cd /oraclesw_new/SHA2/ssl
copy files ssl_config.ini,csrgen.sh and keystoreGen.sh to the sever where you require to enable SSL.
In ssl_config.ini add below paramters:
SCAN name
Alias
KEYPASSSID_NAME
Commonname
cat ssl_config.ini_ppmprd
#--------------------------------------------------------------------------------------------------
# PLEASE EDIT THIS FILE
#--------------------------------------------------------------------------------------------------
# COMMONNAME usually is the VIP name
COMMONNAME=prmprd.thefacebook.com
SID_NAME=PRMPRD
KEYPASS=*******
ALIAS=prmprd
# Other VIP names and node names can go in as Subject Alternative Names
# Define one per line
SAN_NAMES=(
prmprd.thefacebook.com
prmprd01.thefacebook.com
prmprd02.thefacebook.com
frc-prmprd01.thefacebook.com
frc-prmprd02.thefacebook.com
prn-prmprd01.thefacebook.com
prn-prmprd02.thefacebook.com
)
2) Generate certificate request file and Send to corp infra
cd /oraclesw_new/SHA2/ssl
. csrgen.sh
Private Key and Certificate Signing Request Generator
Generating a 4096 bit RSA private key
.........................................................................................................................................................................................................................................++
.................................................................................................++
writing new private key to 'sslcerts/PRMPRD/prmprd.thefacebook.com.key'
-----
Certificate Request:
Data:
Version: 0 (0x0)
Subject: CN=prmprd.thefacebook.com/emailAddress=it-omg-dba@fb.com, C=US, ST=California, L=Menlo Park, O=Facebook, OU=IT
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (4096 bit)
Modulus:
00:ea:3e:ee:e8:ac:df:5c:09:d1:a6:59:35:3c:15:
24:9b:f0:1c:98:92:b0:ca:10:f4:61:d4:06:e4:c1:
5c:a6:bd:31:40:8d:ad:3e:b5:22:57:5b:c0:01:b2:
79:45:26:9b:80:5c:fe:d5:e8:88:b3:9b:b1:b2:de:
4f:37:a5:e8:cd:11:5d:b7:97:ac:ff:91:db:31:ff:
82:81:6e:de:29:76:1d:5f:e2:18:8a:bd:95:3a:54:
da:de:ef:f7:32:f1:11:a1:8c:6c:64:81:34:91:13:
3b:aa:4d:b4:57:d2:bc:92:b2:2a:fc:66:81:da:13:
26:88:29:24:2b:c4:9b:05:20:8a:24:05:42:df:67:
52:cd:d1:4c:4e:57:4d:05:17:f1:c9:ce:34:bb:e8:
64:84:c2:7c:cb:fe:42:04:3f:d9:d3:34:e1:74:bd:
ce:43:e9:b5:32:f2:fe:0e:db:59:54:19:4b:4b:71:
07:74:4e:60:fc:53:a4:dc:ad:19:c6:a7:18:5d:46:
50:19:b1:20:fc:c0:eb:fd:81:ef:c1:c1:1a:11:c3:
41:5e:7d:d7:aa:90:a4:51:ff:ed:2c:32:b2:0f:26:
01:f9:73:de:c7:7d:cb:3e:7b:c8:29:7c:88:36:3e:
d7:02:97:f1:48:80:54:09:61:07:40:cf:05:c5:f5:
8d:1b:6d:50:f1:a6:62:51:c0:1e:68:48:81:75:ba:
1e:f1:72:79:5d:a6:38:cf:bc:0c:33:3d:39:28:9f:
b9:fe:48:33:30:10:3c:04:47:97:4e:a9:4c:29:77:
b5:76:0b:a2:3b:82:70:b3:93:30:81:b9:39:3d:d6:
47:00:33:63:ca:5b:b6:83:48:f9:93:3d:71:0c:7a:
1a:58:82:f4:1a:cb:66:6e:88:82:ed:6e:f0:27:e5:
26:89:66:6f:7c:1b:b4:bf:2f:d0:c3:cd:24:07:e9:
70:8b:a8:a0:34:fc:fc:1e:25:7c:44:d6:ee:b8:1b:
33:3a:8f:e2:c6:14:7e:c9:d9:d5:e4:df:01:64:61:
25:f9:8d:0d:94:bb:d5:39:8d:92:94:3b:54:58:f4:
79:33:ca:88:42:cf:a2:0d:02:b1:d1:3f:56:f2:57:
34:b6:41:bf:2f:0a:85:10:c0:63:8e:df:bc:11:e9:
f0:c4:2b:df:19:ae:a0:65:1b:af:b9:f1:6f:02:e7:
4b:7c:23:6f:0c:dd:4d:e6:d8:01:7f:8f:44:55:49:
4c:5f:47:df:4d:16:92:ed:28:9c:96:8e:53:f0:10:
a6:a3:82:0b:ce:ad:b0:b1:b1:5d:be:f1:be:76:8a:
e7:4e:e1:52:2f:86:f4:fc:d3:53:c5:c7:17:6d:75:
c1:a9:cb
Exponent: 65537 (0x10001)
Attributes:
Requested Extensions:
X509v3 Subject Alternative Name:
DNS:prmprd.thefacebook.com, DNS:prmprd.thefacebook.com, DNS:prmprd01.thefacebook.com, DNS:prmprd02.thefacebook.com, DNS:frc-prmprd01.thefacebook.com, DNS:frc-prmprd02.thefacebook.com, DNS:prn-prmprd01.thefacebook.com, DNS:prn-prmprd02.thefacebook.com
Signature Algorithm: sha256WithRSAEncryption
58:6b:b2:14:21:67:fa:a7:96:78:28:88:d6:22:39:da:14:a6:
25:4a:9a:fe:64:05:a2:e9:9f:eb:13:9f:b4:38:53:f6:8d:dd:
4a:b4:01:c0:f2:26:c3:79:72:c6:91:21:d5:64:4d:f2:e9:3e:
1b:61:73:b9:63:07:0d:5b:11:a8:ac:5a:e8:65:81:81:23:37:
53:0b:d5:b6:6c:43:9c:0b:4e:8e:c7:a6:4e:ad:30:42:ac:f3:
96:7e:90:ce:3c:32:6c:1d:b0:94:f5:b5:e2:12:54:55:50:3b:
27:9a:1d:67:8d:01:bf:1e:ca:87:b9:8d:08:e0:2b:98:a3:1f:
36:db:db:0c:14:14:90:cc:4a:1e:52:cb:a4:8d:4e:43:be:d9:
45:c3:35:96:13:51:9b:4f:d1:7d:f8:f8:5e:59:56:c7:7d:c2:
c1:45:a5:18:73:6e:01:89:48:83:eb:08:d4:18:69:7e:ee:d5:
51:24:88:7f:78:a5:ca:81:fc:0b:c4:b9:f8:f7:8e:e0:0b:53:
04:e6:14:96:48:92:cf:b7:eb:49:82:eb:47:70:55:d8:55:1f:
f8:91:31:c5:21:24:e3:22:8f:ee:4e:81:64:5d:92:bc:c2:da:
a7:7f:41:6c:1c:08:36:d4:ee:97:86:f2:4e:7a:5b:35:18:59:
03:1a:c1:31:18:f9:78:10:40:50:93:92:88:35:78:89:36:a5:
a4:92:fe:86:7d:56:5a:67:67:63:2f:7a:36:32:69:c2:23:9d:
47:d0:22:4f:fa:c2:f3:07:89:01:77:0f:a0:5b:ba:0a:fa:9c:
44:25:e9:8e:51:5a:50:a6:06:dc:0d:f8:05:88:05:93:9f:63:
1a:11:31:16:df:fb:31:8d:5f:2e:62:10:ec:52:f2:e7:5b:cf:
6e:cf:fa:c9:31:7f:f2:f9:8b:71:da:44:a5:c5:80:70:6b:92:
d3:a7:33:77:3d:38:63:48:47:fa:81:98:60:53:d8:fd:6e:a9:
e3:49:00:43:2c:6f:24:96:56:5e:a1:08:f6:7a:4a:3e:73:67:
aa:4f:6b:34:46:91:60:ed:08:f5:e5:00:b4:c8:68:a8:cd:d8:
79:21:55:e2:44:0f:c0:ca:ae:60:4a:72:90:b4:4a:88:e7:dd:
01:32:07:5e:5e:0d:20:0b:aa:0b:ad:ce:1f:63:a5:23:cc:70:
ef:63:ad:56:a4:f6:46:59:ed:11:b3:1f:55:a1:e4:f9:e8:61:
8c:ca:bd:de:b1:72:a7:e3:3b:0a:84:bd:80:09:67:61:1c:2a:
c7:da:2c:01:f1:60:be:30:e1:81:fc:64:ba:82:39:e4:af:d4:
b0:d8:ae:2c:b0:52:90:f5
==================================================================================
PLEASE READ THE BELOW INSTRUCTIONS
==================================================================================
The Certificate request is also available in sslcerts/PRMPRD/prmprd.thefacebook.com.csr
Please copy the Certificate Request File sslcerts/PRMPRD/prmprd.thefacebook.com.csr to CorpInfra Oncall
Once you get the cer file from CorpInfra, Please copy it to sslcerts/PRMPRD and run keystoreGen.sh
The Private Key is stored in sslcerts/PRMPRD/prmprd.thefacebook.com.key
==================================================================================
==================================================================================
3) Load the certificate in jks file
[oracle@prn-finoamprd01 ssl]$
=======================================
[oracle@prn-finoamprd01 PRMPRD]$ pwd
/opt/app/cert/ssl/sslcerts/PRMPRD
[oracle@prn-finoamprd01 PRMPRD]$ ls -lrt
total 20
-rw-r--r-- 1 oracle dba 3272 Jan 12 16:57 prmprd.thefacebook.com.key
-rw-r--r-- 1 oracle dba 2114 Jan 12 16:59 prmprd.thefacebook.com.csr
-rw-r--r-- 1 oracle dba 3357 Jan 12 17:01 prmprd.thefacebook.com.cer
[oracle@prn-finoamprd01 ssl]$ . keystoreGen.sh
MAC Iteration 2048
MAC verified OK
PKCS7 Encrypted data: pbeWithSHA1And40BitRC2-CBC, Iteration 2048
Certificate bag
Bag Attributes
localKeyID: 29 29 3F 92 7A 5B 21 2B 7B E8 81 92 71 D8 C4 00 D4 01 AE 44
subject=/C=US/ST=California/L=Menlo Park/O=Facebook/OU=IT/CN=prmprd.thefacebook.com/emailAddress=it-omg-dba@fb.com
issuer=/DC=com/DC=TheFacebook/CN=PRN-CASUB02
-----BEGIN CERTIFICATE-----
MIIJgjCCB2qgAwIBAgITOwAABGlzdySGlVeL/gAAAAAEaTANBgkqhkiG9w0BAQsF
ADBIMRMwEQYKCZImiZPyLGQBGRYDY29tMRswGQYKCZImiZPyLGQBGRYLVGhlRmFj
ZWJvb2sxFDASBgNVBAMTC1BSTi1DQVNVQjAyMB4XDTE3MDYyMDE3MTEwOVoXDTE5
MDYyMDE3MTEwOVowgZoxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlh
MRMwEQYDVQQHEwpNZW5sbyBQYXJrMREwDwYDVQQKEwhGYWNlYm9vazELMAkGA1UE
CxMCSVQxHzAdBgNVBAMTFnBybXByZC50aGVmYWNlYm9vay5jb20xIDAeBgkqhkiG
9w0BCQEWEWl0LW9tZy1kYmFAZmIuY29tMIICIjANBgkqhkiG9w0BAQEFAAOCAg8A
MIICCgKCAgEAyTHtHgcCluam8DzprHh9D1NYif3swwm9HMTrpYII9GmnJwKtv5BE
RmhWwqdO78coBmn9VJGEHqY49+2aQpR2+EPoV7/fkGNu8P8QkyF/r/tQe3rI6Nzh
MQCq318Z/o3NbW6FYYmwSszjrn1FDBi2tHYQ5nH2as4LNr/nwLUVrW5WyPE4cAkB
NBs1oeI4d3mj0HCH5LgMWTPzxebWR5tZJJaCedRiTL3NJavcYl7HOK5RZIyenxGd
V+ZqstJTvfoWpcodZBD0qShmTvsYUmf+I0iAbjQVk+o+d/S34QBHBL9Fclw3f3fC
/ctKmAUxXTdfk4U3XYg4VKitVGVk158OyOrQxxr9SKYt824E2q/2wO13NTsPF09s
5EhuP9yNcEFKzpjTUSICNBQJY5o4tWGOjCwWpSERqh/apODKhLU/ABQnAxjTrPsV
dzINElI/OcYVH755iSHUPu9XgEH/zdeJm65/6xDpciM3/kiw1xZk/Gq5KZc/o1LA
rAS1iNSLGKEePowo6KXzltQKZaDnlUmcsRh0OZAgMqsULEIxIcWmGP9GLOIgtbYr
Cwo/gJOmFkfykh9kwZQdYPX5AJwTYFZt1jGx21NW/EQ+u+VPL+EW3lAWxBI5DirQ
pPl0KLdJ5ZznRup9VrTn1F+K0m+/snwqwKVN/9aprVJucBYwKCz8m0UCAwEAAaOC
BBAwggQMMIHnBgNVHREEgd8wgdyCFnBybXByZC50aGVmYWNlYm9vay5jb22CFnBy
bXByZC50aGVmYWNlYm9vay5jb22CGHBybXByZDAxLnRoZWZhY2Vib29rLmNvbYIY
cHJtcHJkMDIudGhlZmFjZWJvb2suY29tghxmcmMtcHJtcHJkMDEudGhlZmFjZWJv
b2suY29tghxmcmMtcHJtcHJkMDIudGhlZmFjZWJvb2suY29tghxwcm4tcHJtcHJk
MDEudGhlZmFjZWJvb2suY29tghxwcm4tcHJtcHJkMDIudGhlZmFjZWJvb2suY29t
MB0GA1UdDgQWBBRiG4To3bdHlh3LjwCJ4pt43TZA0zAfBgNVHSMEGDAWgBTTiqRH
G3BC1GrGn/fLKN+SyJCsuDCCAQkGA1UdHwSCAQAwgf0wgfqggfeggfSGNWh0dHA6
Ly9wa2kudGhlZmFjZWJvb2suY29tL0NlcnRFbnJvbGwvUFJOLUNBU1VCMDIuY3Js
hoG6bGRhcDovLy9DTj1QUk4tQ0FTVUIwMixDTj1wcm4tY2FzdWIwMixDTj1DRFAs
Q049UHVibGljJTIwS2V5JTIwU2VydmljZXMsQ049U2VydmljZXMsQ049Q29uZmln
dXJhdGlvbixEQz1UaGVGYWNlYm9vayxEQz1jb20/Y2VydGlmaWNhdGVSZXZvY2F0
aW9uTGlzdD9iYXNlP29iamVjdENsYXNzPWNSTERpc3RyaWJ1dGlvblBvaW50MIIB
TwYIKwYBBQUHAQEEggFBMIIBPTBdBggrBgEFBQcwAoZRaHR0cDovL3BraS50aGVm
YWNlYm9vay5jb20vQ2VydEVucm9sbC9wcm4tY2FzdWIwMi5UaGVGYWNlYm9vay5j
b21fUFJOLUNBU1VCMDIuY3J0MIGuBggrBgEFBQcwAoaBoWxkYXA6Ly8vQ049UFJO
LUNBU1VCMDIsQ049QUlBLENOPVB1YmxpYyUyMEtleSUyMFNlcnZpY2VzLENOPVNl
cnZpY2VzLENOPUNvbmZpZ3VyYXRpb24sREM9VGhlRmFjZWJvb2ssREM9Y29tP2NB
Q2VydGlmaWNhdGU/YmFzZT9vYmplY3RDbGFzcz1jZXJ0aWZpY2F0aW9uQXV0aG9y
aXR5MCsGCCsGAQUFBzABhh9odHRwOi8vcGtpLnRoZWZhY2Vib29rLmNvbS9vY3Nw
MA4GA1UdDwEB/wQEAwIFoDA+BgkrBgEEAYI3FQcEMTAvBicrBgEEAYI3FQiCuMAa
g87Wd4fdgReE4Kg9h9aFb4E4gfjyfoGOrHYCAWQCAQkwEwYDVR0lBAwwCgYIKwYB
BQUHAwEwGwYJKwYBBAGCNxUKBA4wDDAKBggrBgEFBQcDATANBgkqhkiG9w0BAQsF
AAOCAgEAAp9Pkojjig4JXpbwP/1SoA61YtqxuJ6YzuZDTPrV8S5tp50C1JMRRfX/
+ZEJT14wCXiSL3AukZS++ixcqjafwaUsyCzZedxNpWI+1yqImDDmhDFzBcKPxOYt
r/bI/XcjeAp/Tl8ksHGGBGvIDHDzTi4hQvAsHaIpSYwbmr5+eYpKp289DR1OwXk1
UpR1OM0LEg7Goy4GOU+xGo6T9rBsFoSi+pJVHv3WwPi2FaxapemzcDWuqgds1U7J
xXIPpSpr9mVU3n1h0kF984As8qd1xf7w8whuvJkNrOPs+32T6DPCrQ6j3p0d6v/x
pHI6H+LeQYVyri333tHM5IrwQzxNJLRFFJfaCsPoNLPoFvkGaSUdoOwWFpmoytFh
Nx8exSHWc8y5Kbtq1RA7hnHuUg3VMpZLShbmTtSFBpE3U7QJxaQMi3mXDl4xycjY
bK25rz/0WIXZncoB9shF4zp8Z1mczAkRMxysDqeVFvLAQqDkNuZFlNzCmd1+Z1on
T/N68NFEOkF52f9pTCFrOE9xR7mb6vw2i3iVoVIBo5y2vGuma9c7xfTOwTu4CJa3
ueb5e1l19SRSoKc8lZnVS9l4tF6SyS+f5f5/RcEYWvHmGdqLKYmU8tGXu2PTJJxy
6WyehD6EmcSYpAb751RQ/D4vQsgv0+YQe6u2EUfPawz5EG7NJoA=
-----END CERTIFICATE-----
Certificate bag
Bag Attributes: <No Attributes>
subject=/C=US/ST=California/L=Menlo Park/O=Facebook/OU=IT/CN=prmprd.thefacebook.com/emailAddress=it-omg-dba@fb.com
issuer=/DC=com/DC=TheFacebook/CN=PRN-CASUB02
-----BEGIN CERTIFICATE-----
MIIJgjCCB2qgAwIBAgITOwAABGlzdySGlVeL/gAAAAAEaTANBgkqhkiG9w0BAQsF
ADBIMRMwEQYKCZImiZPyLGQBGRYDY29tMRswGQYKCZImiZPyLGQBGRYLVGhlRmFj
ZWJvb2sxFDASBgNVBAMTC1BSTi1DQVNVQjAyMB4XDTE3MDYyMDE3MTEwOVoXDTE5
MDYyMDE3MTEwOVowgZoxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlh
MRMwEQYDVQQHEwpNZW5sbyBQYXJrMREwDwYDVQQKEwhGYWNlYm9vazELMAkGA1UE
CxMCSVQxHzAdBgNVBAMTFnBybXByZC50aGVmYWNlYm9vay5jb20xIDAeBgkqhkiG
9w0BCQEWEWl0LW9tZy1kYmFAZmIuY29tMIICIjANBgkqhkiG9w0BAQEFAAOCAg8A
MIICCgKCAgEAyTHtHgcCluam8DzprHh9D1NYif3swwm9HMTrpYII9GmnJwKtv5BE
RmhWwqdO78coBmn9VJGEHqY49+2aQpR2+EPoV7/fkGNu8P8QkyF/r/tQe3rI6Nzh
MQCq318Z/o3NbW6FYYmwSszjrn1FDBi2tHYQ5nH2as4LNr/nwLUVrW5WyPE4cAkB
NBs1oeI4d3mj0HCH5LgMWTPzxebWR5tZJJaCedRiTL3NJavcYl7HOK5RZIyenxGd
V+ZqstJTvfoWpcodZBD0qShmTvsYUmf+I0iAbjQVk+o+d/S34QBHBL9Fclw3f3fC
/ctKmAUxXTdfk4U3XYg4VKitVGVk158OyOrQxxr9SKYt824E2q/2wO13NTsPF09s
5EhuP9yNcEFKzpjTUSICNBQJY5o4tWGOjCwWpSERqh/apODKhLU/ABQnAxjTrPsV
dzINElI/OcYVH755iSHUPu9XgEH/zdeJm65/6xDpciM3/kiw1xZk/Gq5KZc/o1LA
rAS1iNSLGKEePowo6KXzltQKZaDnlUmcsRh0OZAgMqsULEIxIcWmGP9GLOIgtbYr
Cwo/gJOmFkfykh9kwZQdYPX5AJwTYFZt1jGx21NW/EQ+u+VPL+EW3lAWxBI5DirQ
pPl0KLdJ5ZznRup9VrTn1F+K0m+/snwqwKVN/9aprVJucBYwKCz8m0UCAwEAAaOC
BBAwggQMMIHnBgNVHREEgd8wgdyCFnBybXByZC50aGVmYWNlYm9vay5jb22CFnBy
bXByZC50aGVmYWNlYm9vay5jb22CGHBybXByZDAxLnRoZWZhY2Vib29rLmNvbYIY
cHJtcHJkMDIudGhlZmFjZWJvb2suY29tghxmcmMtcHJtcHJkMDEudGhlZmFjZWJv
b2suY29tghxmcmMtcHJtcHJkMDIudGhlZmFjZWJvb2suY29tghxwcm4tcHJtcHJk
MDEudGhlZmFjZWJvb2suY29tghxwcm4tcHJtcHJkMDIudGhlZmFjZWJvb2suY29t
MB0GA1UdDgQWBBRiG4To3bdHlh3LjwCJ4pt43TZA0zAfBgNVHSMEGDAWgBTTiqRH
G3BC1GrGn/fLKN+SyJCsuDCCAQkGA1UdHwSCAQAwgf0wgfqggfeggfSGNWh0dHA6
Ly9wa2kudGhlZmFjZWJvb2suY29tL0NlcnRFbnJvbGwvUFJOLUNBU1VCMDIuY3Js
hoG6bGRhcDovLy9DTj1QUk4tQ0FTVUIwMixDTj1wcm4tY2FzdWIwMixDTj1DRFAs
Q049UHVibGljJTIwS2V5JTIwU2VydmljZXMsQ049U2VydmljZXMsQ049Q29uZmln
dXJhdGlvbixEQz1UaGVGYWNlYm9vayxEQz1jb20/Y2VydGlmaWNhdGVSZXZvY2F0
aW9uTGlzdD9iYXNlP29iamVjdENsYXNzPWNSTERpc3RyaWJ1dGlvblBvaW50MIIB
TwYIKwYBBQUHAQEEggFBMIIBPTBdBggrBgEFBQcwAoZRaHR0cDovL3BraS50aGVm
YWNlYm9vay5jb20vQ2VydEVucm9sbC9wcm4tY2FzdWIwMi5UaGVGYWNlYm9vay5j
b21fUFJOLUNBU1VCMDIuY3J0MIGuBggrBgEFBQcwAoaBoWxkYXA6Ly8vQ049UFJO
LUNBU1VCMDIsQ049QUlBLENOPVB1YmxpYyUyMEtleSUyMFNlcnZpY2VzLENOPVNl
cnZpY2VzLENOPUNvbmZpZ3VyYXRpb24sREM9VGhlRmFjZWJvb2ssREM9Y29tP2NB
Q2VydGlmaWNhdGU/YmFzZT9vYmplY3RDbGFzcz1jZXJ0aWZpY2F0aW9uQXV0aG9y
aXR5MCsGCCsGAQUFBzABhh9odHRwOi8vcGtpLnRoZWZhY2Vib29rLmNvbS9vY3Nw
MA4GA1UdDwEB/wQEAwIFoDA+BgkrBgEEAYI3FQcEMTAvBicrBgEEAYI3FQiCuMAa
g87Wd4fdgReE4Kg9h9aFb4E4gfjyfoGOrHYCAWQCAQkwEwYDVR0lBAwwCgYIKwYB
BQUHAwEwGwYJKwYBBAGCNxUKBA4wDDAKBggrBgEFBQcDATANBgkqhkiG9w0BAQsF
AAOCAgEAAp9Pkojjig4JXpbwP/1SoA61YtqxuJ6YzuZDTPrV8S5tp50C1JMRRfX/
+ZEJT14wCXiSL3AukZS++ixcqjafwaUsyCzZedxNpWI+1yqImDDmhDFzBcKPxOYt
r/bI/XcjeAp/Tl8ksHGGBGvIDHDzTi4hQvAsHaIpSYwbmr5+eYpKp289DR1OwXk1
UpR1OM0LEg7Goy4GOU+xGo6T9rBsFoSi+pJVHv3WwPi2FaxapemzcDWuqgds1U7J
xXIPpSpr9mVU3n1h0kF984As8qd1xf7w8whuvJkNrOPs+32T6DPCrQ6j3p0d6v/x
pHI6H+LeQYVyri333tHM5IrwQzxNJLRFFJfaCsPoNLPoFvkGaSUdoOwWFpmoytFh
Nx8exSHWc8y5Kbtq1RA7hnHuUg3VMpZLShbmTtSFBpE3U7QJxaQMi3mXDl4xycjY
bK25rz/0WIXZncoB9shF4zp8Z1mczAkRMxysDqeVFvLAQqDkNuZFlNzCmd1+Z1on
T/N68NFEOkF52f9pTCFrOE9xR7mb6vw2i3iVoVIBo5y2vGuma9c7xfTOwTu4CJa3
ueb5e1l19SRSoKc8lZnVS9l4tF6SyS+f5f5/RcEYWvHmGdqLKYmU8tGXu2PTJJxy
6WyehD6EmcSYpAb751RQ/D4vQsgv0+YQe6u2EUfPawz5EG7NJoA=
-----END CERTIFICATE-----
PKCS7 Data
Shrouded Keybag: pbeWithSHA1And3-KeyTripleDES-CBC, Iteration 2048
Owner: CN=FBROOTCA, DC=thefacebook, DC=com
Issuer: CN=FBROOTCA, DC=thefacebook, DC=com
Serial number: 54666cd1d87cee9245ef0f169c749c7d
Valid from: Mon Jul 25 14:39:06 PDT 2016 until: Fri Jul 25 14:39:06 PDT 2036
Certificate fingerprints:
MD5: 8D:99:2D:CA:5C:99:21:41:EA:7C:6B:EC:3F:CB:14:65
SHA1: DC:CC:ED:5D:8A:75:CD:5D:28:0F:E1:83:D2:BD:5D:10:4E:B9:B1:1F
SHA256: F8:E8:E3:3B:4C:B2:62:44:8B:6F:C5:19:CD:BD:A9:CD:AC:97:0D:20:4C:7B:FE:0E:FE:0F:AA:48:CA:DB:8D:2F
Signature algorithm name: SHA256withRSA
Version: 3
Extensions:
#1: ObjectId: 1.3.6.1.4.1.311.21.1 Criticality=false
0000: 02 01 00 ...
#2: ObjectId: 2.5.29.19 Criticality=true
BasicConstraints:[
CA:true
PathLen:2147483647
]
#3: ObjectId: 2.5.29.15 Criticality=false
KeyUsage [
DigitalSignature
Key_CertSign
Crl_Sign
]
#4: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 38 AF 52 51 E0 E3 C2 98 E5 E0 B5 99 51 37 86 5C 8.RQ........Q7.\
0010: 46 3B 92 C7 F;..
]
]
Trust this certificate? [no]: yes
Certificate was added to keystore
Certificate was added to keystore
Certificate was added to keystore
Keystore type: JKS
Keystore provider: SUN
Your keystore contains 4 entries
prn-casub02, Jan 12, 2018, trustedCertEntry,
Certificate fingerprint (SHA1): C6:07:B0:24:90:F4:F7:51:07:87:F3:EF:C9:05:6E:2E:1B:B9:44:11
prmprd, Jan 12, 2018, PrivateKeyEntry,
Certificate fingerprint (SHA1): 29:29:3F:92:7A:5B:21:2B:7B:E8:81:92:71:D8:C4:00:D4:01:AE:44
fbroot, Jan 12, 2018, trustedCertEntry,
Certificate fingerprint (SHA1): DC:CC:ED:5D:8A:75:CD:5D:28:0F:E1:83:D2:BD:5D:10:4E:B9:B1:1F
fbintca, Jan 12, 2018, trustedCertEntry,
Certificate fingerprint (SHA1): 54:25:68:5C:E9:81:FB:42:DF:54:7B:BE:8B:F2:4C:2A:66:C2:A9:8A
[oracle@prn-finoamprd01 ssl]$
4) Verification of certificate installed in jks
/opt/app/fmw/products/jdk/bin/keytool -list -keystore prmprd.thefacebook.com.jks
Enter keystore password:
Keystore type: JKS
Keystore provider: SUN
Your keystore contains 4 entries
prn-casub02, Jan 12, 2018, trustedCertEntry,
Certificate fingerprint (SHA1): C6:07:B0:24:90:F4:F7:51:07:87:F3:EF:C9:05:6E:2E:1B:B9:44:11
prmprd, Jan 12, 2018, PrivateKeyEntry,
Certificate fingerprint (SHA1): 29:29:3F:92:7A:5B:21:2B:7B:E8:81:92:71:D8:C4:00:D4:01:AE:44
fbroot, Jan 12, 2018, trustedCertEntry,
Certificate fingerprint (SHA1): DC:CC:ED:5D:8A:75:CD:5D:28:0F:E1:83:D2:BD:5D:10:4E:B9:B1:1F
fbintca, Jan 12, 2018, trustedCertEntry,
Certificate fingerprint (SHA1): 54:25:68:5C:E9:81:FB:42:DF:54:7B:BE:8B:F2:4C:2A:66:C2:A9:8A
No comments:
Post a Comment