Converting NLE keystores to JKS
NLE requires a JKS keystore for storing certificates and keys when setting up secure connections. This procedure shows how create the JKS keystore by converting a PKCS12 keystore as set up in Creating NLE keystores. For an overview of the whole procedure, see Securing connections with SSL/TLS.
On every host where you created an NLE PKCS12 keystore, convert the keystore to JKS. Here is an example conversion procedure. You can use any tool or command that produces the same result.
- Use Java Keytool to generate a new keystore with the private key and certificate.
Note: The deststorepass must be the same as the PKCS12 keystore password.
This NLE example generates nle_keystore.jks:
keytool -importkeystore -deststorepass caSigned -destkeystore caSignedNLE.jks -srckeystore caSignedNLE.p12 -srcstoretype PKCS12
Importing keystore caSignedNLE.p12 to caSignedNLE.jks...
Enter source keystore password: caSigned
Entry for alias nle successfully imported.
Import command completed: 1 entries successfully imported, 0 entries failed or cancelled
- Copy the keystore to its storage location and configure the location in https.keyStore (see Configuring NLE security). The recommended filepath is NLE_HOME/config/caSignedNLE.jks.
- Set keystore permissions. Ensure that the keystore is readable by the nuance user or the local system account.
Windows: For each keystore file, right-click, select Properties, select the Security tab, and change the permissions so that the SYSTEM account has Read permission.
Linux: run these commands:
# change directory to the location of the NLE keystore
> chown nuance.nuance nle_keystore.jks
> chmod 600 nle_keystore.jks