Advantages of using the Certificate Management Tool for SSL Certificates

As an overall security strategy, SSL security is a key component of the Rocket MultiValue application platform. The release of U2 Common Client 5.2.0 debuts a new tool, the Certificate Management Tool (CMT), which will reduce the overhead of system administrators in managing SSL certificates.

Why does the MV application platform need a new tool for SSL certificates?

The existing process of generating SSL certificates using XAdmin is complicated and involves many steps, which makes keeping track of and implementing security certificates a time-consuming and burdensome responsibility for system administrators. This new tool streamlines the SSL certificate creation procedure for system administrators.

What is CMT?

Part of U2 Common Client 5.2.0, the Certificate Management Tool (CMT) is a Windows Command Line tool that allows administrators to easily create, convert, edit and test certificates.

Before Running CMT

Please note, you need to configure the following environment before you can use the CMT.

Detailed Functionalities introduction

The Certificate Management Tool is run through the Windows Command Prompt, and there are 12 options that users can choose from:

  1. PFX (PKCS#12) to PEM (PKCS#8) Converter
  2. PFX Certificate Store Converter to PKCS#8 Store
  3. PEM Server Certificate and Private Key to PFX
  4. DER/PEM/PFX Import into NEW or EXISTING Java KeyStore
  5. Create CSR and Self-Signed Certificate (PFX or PEM)
  6. View PFX File Contents
  7. PEM Chain Certificates and Private Key to PFX)
  8. SSL Test Client
  9. SSL Test Server
  10. View Java KeyStore Contents
  11. Extract Entry from Java KeyStore into PFX
  12. Check PEM Certificate Expiry

In the next section, you’ll see screen shots from demos of each of the above 12 options. The tool comes with documentation that you can reference for more detailed information.

Even though the menu items are ordered from 1 to 12, I use them in a different order when using the CMT. For example, when preparing files, especially PFX files, I recommend using the order listed below:

  • Start here with option 5 to create the test certificate
  • Then use option 6 to view the newly generated PFX file contents
  • Now you can use option 12 to check the expiry of the new certificate
  • Next to start the SSL server by using the new certificate, you’ll use option 9
  • Option 8 is next to connect to the SSL server started by last step
  • To generate a new PFX file using the existing PEM file and private key, use option 3
  • Finally use the option 1 to convert the existing PFX file to PEM

Now I’m going to go through each menu option in order. I’ve included screen shots from the demo which I hope you find useful.

Option 1: PFX (PKCS#12) to PEM (PKCS#8) Converter

This function converts a PFX format file to its corresponding PEM PKCS#8 format.

Option 2: PFX Certificate Store Converter to PKCS#8 Store

This function converts the local machine’s Microsoft Certificate Store from .pfx (PKCS#12) format to .pem (PKCS#8) format.

Option 3: PEM Server Certificate and Private Key to PFX

This function converts a PEM format certificate to a PFX format file. Please note, you need both passwords: one for the original private key and one for exporting the password for the PFX file.

When a new file is created, its contents can be viewed by selecting Option 6 in the main menu.

Option 4: DER/PEM/PFX Import into NEW or EXISTING Java KeyStore

This function imports certificates in DER/PEM/PFX format into the Java Key store and the key store will be created if it does not exist.

Option 5: Create CSR and Self-Signed Certificate (PFX or PEM)

This function allows users to create a CSR and self-signed certificates in .pfx and .pem format.

During the creation process, a password is needed.  Like in Option 3, the password is used for the original private key for the PEM certificate and for exporting the password for the PFX file.

Option 6: View PFX File Contents

This function allows users to view the information of a PFX file. A password, which was input when creating this file is needed as well as another password to list the contained private key.

Option 7: PEM Chain Certificates and Private Key to PFX

This function creates a PFX format certificate by inputting the PEM chain certificates.

Option 8: SSL Test Client

This function creates a test SSL client to connect to a test server. A CA certificate will be required.

Option 9: SSL Test Server

This function creates an SSL test server, which requires a certificate and a private key.

Option 10:  View Java KeyStore Contents

This function allows users to view the certificates in the Java KeyStore.

Option 11: Extract Entry from Java KeyStore into PFX

This function extracts certificates from the Java KeyStore and stores them in the PFX format.  During the operation, users need to provide the Java KeyStore password; the PFX store also needs a password when it’s generated (the password must be at least 6 characters).

Option 12: Check PEM Certificate Expiry

This function is used to check the expiration information for a certificate.

 

 

JianJun Li

JianJun Li 1 Posts

Jianjun Li, a senior software engineer and works in the Rocket Beijing office. He has over seven years of experience developing both UniVerse and UniData. Li is an experienced C/C++/Python/C#/Java developer and has worked on various Rocket MultiValue client products including NETDK, JDBC, and ODBC. Li’s current focus is security for both UniVerse and UniData, with a goal of providing new security features to keep our customers’ data safer in a modern yet challenging networked world.

0 Comments

Leave a Comment

Your email address will not be published. Required fields are marked *