Page History
...
This private key should be guarded carefully. Ideal places include an encrypted disk volume and non-persistent, RAM-based disk (such as /dev/shm
in CentOS or Debian).
Now Having now obtained the private key file either from openssl
or keytool
, combine the private key with the chained cert into a PKCS12 package (.pfx
or .p12
suffix) that will set the stage to import the bundle into the final keystore. The most important concept about using a third-party certificate is that we must construct a chain of trust that an application such as SHRINE can trace from the endpoint certificate all the way back to the root CA. Without this trust tracingverification, SHRINE will be unable to establish a proper cryptographic basis upon which secure communication can proceedon which it could then use the certificates as intended. In light of this important idea, in the following command (again, assuming that the private key file is called private_key.pem
), the certificates_file
contains the new certificate plus all intermediate certificates plus the root certificate, and the ca_certificate
contains the intermediate certificates plus the root certificate. Run this command to bundle the private key, the endpoint certificate, and all intermediate and root certificates into one single entry within the PKCS12 store:
...