Self-signed certificate in DER format
I already have a self-signed certificate encoded in DER format that I would like to use.
The following section will describe how to import your certificate in .der format into PAM so that the Federated Sign-In module can be utilized.
If you do not have a certificate or if it is not in the .der format, please review the previous section of this article.
- Open a command line and navigate to the folder where PAM is installed {$PAM_HOME} and issue the following command:
- For Windows, substitute ALIAS_NAME with the unique identifying string for the key, and PATH_TO_CERT.der with the location and name of the .der certificate file to be imported and used by the Federated Sign-In module.
- For Unix or Linux, substitute ALIAS_NAME with the unique identifying string for the key, and PATH_TO_CERT.der with the location and name of the .der certificate file to be imported and used by the Federated Sign-In module.
- After the command is issued, you will be prompted for the keystore password. Enter the value changeit and press the Enter key to continue.
- When asked Trust this certificate [n]: enter y for yes and press the Enter key to continue.
- The confirmation message Certificate was added to keystore will appear when the import process has completed successfully.
- Now that the certificate has been added, you can return to the Federated Sign-In article to complete the setup using this self-signed certificate.
bin\PamKeytool.cmd -import -alias ALIAS_NAME -file PATH_TO_CERT.der -keystore jre\lib\security\cacerts
bin/PamKeytool.sh -import -alias ALIAS_NAME -file PATH_TO_CERT.der -keystore jre/lib/security/cacertsThe import is complete and now the PAM Federated Sign-In module is now setup to be secured with your own internal or self-signed certificate.
If you have done this previously, are unsure if the import was successfully or you simply want to double check, please continue to the next section to check which certificate are in the store.
