Command path:
- windows: {acs}\jre\bin\keytool
- linux: /usr/javase/jre/bin/keytool
Steps: How to add an SSL Certificate to ACS2
- Create a certificate keystore by executing the following command:
(file name: tr069.keystore)
keytool -v -genkey -alias tr069 -keystore tr069.keystore -storepass rmi+ssl -keypass rmi+ssl -keyalg RSA -keysize 2048 -validity 36500
# The following questions will be asked if not known:
# What is your first and last name? – This is the Common Name (Domain Name)
# What is the name of your organizational unit?
# What is the name of your organization?
# What is the name of your City or Locality?
# What is the name of your State or Province?
# What is the two-letter country code for this unit?
# You will then be asked if the information is correct:
# Is CN=www.yourdomain.com, OU=Your Organizational Unit, O=Your Organization, L=Your City, ST=Your State, C=Your Country correct?
A file named tr069.keystore is created.
- Create a local Certificate Signing Request (CSR) by executing the following command:
(file name: certreq.csr)
keytool -certreq -alias tr069 -keyalg RSA -file certreq.csr -keystore tr069.keystore -storepass rmi+ssl -keypass rmi+ssl
A file named certreq.csr is created.
- Submit to the Certificate Authority:
Now you have a file called certreq.csr that you can submit to the Certificate Authority.
- Importing the Root Certificate:
(file name: root.cer)
Download a Root Certificate from the Certificate Authority you obtained the Certificate from.
Import Root Certificate by executing the following command:
keytool -import -alias root -keystore tr069.keystore -storepass rmi+ssl -keypass rmi+ssl -trustcacerts -file root.cer
- Importing the Intermediate Certificate:
(file name: intermediate.cer)
Download a intermediate Certificate from the Certificate Authority you obtained the Certificate from.
Import Intermediate Certificate by executing the following command:
keytool -import -alias intermediate -keystore tr069.keystore -storepass rmi+ssl -keypass rmi+ssl -trustcacerts -file intermediate.cer
- Importing the trusted Certificate:
(file name: trusted.cer)
Download a Certificate from the Certificate Authority you obtained the Certificate from.
Import your trusted Certificate by executing the following command:
keytool -import -alias tr069 -keystore tr069.keystore -storepass rmi+ssl -keypass rmi+ssl -trustcacerts -file trusted.cer
- Replace old keystore file:(path: {acs path}\server\default\conf\tr069.keystore)
- Restart ACS