Command path:

  • windows:   {acs}\jre\bin\keytool
  • linux:     /usr/javase/jre/bin/keytool

 

Steps: How to add an SSL Certificate to ACS2

  1. Create a certificate keystore by executing the following command:

(file name: tr069.keystore)

keytool -v -genkey -alias tr069 -keystore tr069.keystore -storepass rmi+ssl -keypass rmi+ssl -keyalg RSA -keysize 2048 -validity 36500

 

# The following questions will be asked if not known:

# What is your first and last name? – This is the Common Name (Domain Name)

# What is the name of your organizational unit?

# What is the name of your organization?

# What is the name of your City or Locality?

# What is the name of your State or Province?

# What is the two-letter country code for this unit?

 

# You will then be asked if the information is correct:

# Is CN=www.yourdomain.com, OU=Your Organizational Unit, O=Your Organization, L=Your City, ST=Your State, C=Your Country correct?

 

A file named tr069.keystore is created.

 

  1. Create a local Certificate Signing Request (CSR) by executing the following command:

(file name: certreq.csr)

keytool -certreq -alias tr069 -keyalg RSA -file certreq.csr -keystore tr069.keystore -storepass rmi+ssl -keypass rmi+ssl

 

A file named certreq.csr is created.

 

  1. Submit to the Certificate Authority:

Now you have a file called certreq.csr that you can submit to the Certificate Authority.

 

  1. Importing the Root Certificate:
    (file name: root.cer)

Download a Root Certificate from the Certificate Authority you obtained the Certificate from.

Import Root Certificate by executing the following command:

 

keytool -import -alias root -keystore tr069.keystore -storepass rmi+ssl -keypass rmi+ssl -trustcacerts -file root.cer

  1. Importing the Intermediate Certificate:
    (file name: intermediate.cer)

Download a intermediate Certificate from the Certificate Authority you obtained the Certificate from.

Import Intermediate Certificate by executing the following command:

 

keytool -import -alias intermediate -keystore tr069.keystore -storepass rmi+ssl -keypass rmi+ssl -trustcacerts -file intermediate.cer

 

  1. Importing the trusted Certificate:
    (file name: trusted.cer)

Download a Certificate from the Certificate Authority you obtained the Certificate from.

Import your trusted Certificate by executing the following command:

 

keytool -import -alias tr069 -keystore tr069.keystore -storepass rmi+ssl -keypass rmi+ssl -trustcacerts -file trusted.cer

 

  1. Replace old keystore file:(path: {acs path}\server\default\conf\tr069.keystore)

 

  1. Restart ACS