Issue
- Generate a private key pair (a private key with a self-signed certificate) on your side; pass123 in the commands below is a sample password:
keytool -genkey -alias ServiceNow_alias -keyalg RSA -validity 365 -keystore myKeystore.keystore -storepass pass123 -keypass pass123
- Extract the public certificate yourPublicCert.cer from the above keystore:
keytool -export -alias ServiceNow_alias -keystore myKeystore.keystore -storepass pass123 -file yourPublicCert.cer
- Convert yourPublicCert.cer to yourPublicCert.pem:
openssl x509 -inform der -in yourPublicCert.cer -out yourPublicCert.pem
Supply the extracted public certificate yourPublicCert.pem to the third party so that they can add it to their trust store.
Now, prepare your keystore for Mutual Authentication:
- Convert the third-party's public certificate 3rdPublicCert.pem to 3rdPublicCert.cer:
openssl x509 -outform der -in 3rdPublicCert.pem -out 3rdPublicCert.cer
- Import the third-party's public certificate, now converted to 3rdPublicCert.cer, into the customer's private key pair keystore created above:
keytool -import -alias Puppet -keystore myKeystore.keystore -file 3rdPublicCert.cer
This keystore is now ready to be used for Mutual Authentication.
Advise the customer to get the certificate in their keystore signed by a CA; otherwise it remains self-signed, which is not recommended.
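keytool -import displays the certificate's fingerprints and asks whether to trust it, so the third-party's certificate should be compared with a fingerprint obtained from them out of band before it is accepted. The following is an added example, not part of the original KB article: it computes the SHA-256 fingerprint of a certificate in either the PEM or the DER form used above. The function names, the script name and the sample bytes are constructed for illustration.

```python
import base64
import hashlib
import hmac
import ssl
import sys

PEM_BEGIN = b"-----BEGIN CERTIFICATE-----"
PEM_END = b"-----END CERTIFICATE-----"

# Constructed stand-in bytes (a tiny DER SEQUENCE, not a real certificate),
# plus the PEM form that "openssl x509 -inform der" would produce for them.
SAMPLE_DER = bytes([0x30, 0x03, 0x02, 0x01, 0x01])
SAMPLE_PEM = ssl.DER_cert_to_PEM_cert(SAMPLE_DER).encode("ascii")


def load_der(data: bytes) -> bytes:
    """Return the DER bytes of a certificate given as PEM (.pem) or DER (.cer)."""
    start = data.find(PEM_BEGIN)
    if start != -1:
        end = data.find(PEM_END, start)
        if end == -1:
            raise ValueError("PEM certificate has no END CERTIFICATE line")
        body = data[start + len(PEM_BEGIN):end]
        data = base64.b64decode(b"".join(body.split()), validate=True)
    if not data.startswith(b"\x30"):  # every certificate is a DER SEQUENCE
        raise ValueError("input is not a PEM or DER certificate")
    return data


def fingerprint(data: bytes) -> str:
    """SHA-256 over the DER encoding, as colon-separated upper-case hex."""
    digest = hashlib.sha256(load_der(data)).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def matches(data: bytes, expected: str) -> bool:
    """Compare with a fingerprint received out of band (case/separators ignored)."""
    wanted = expected.replace(":", "").replace(" ", "").upper()
    actual = fingerprint(data).replace(":", "")
    return hmac.compare_digest(actual.encode(), wanted.encode())


if __name__ == "__main__":
    # Usage: python cert_fp.py 3rdPublicCert.pem [expected-fingerprint]
    with open(sys.argv[1], "rb") as fh:
        cert = fh.read()
    print("SHA256:", fingerprint(cert))
    if len(sys.argv) > 2:
        sys.exit(0 if matches(cert, sys.argv[2]) else "fingerprint mismatch")
```

The PEM and DER files of the same certificate give the same value, so the result can be compared directly with the SHA256 fingerprint shown by keytool.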
Related Links
Helpful KB for debugging Mutual Authentication: KB0696599 - Debugging Mutual Authentication
Mutual Authentication Overview: KB0691876 - Mutual Authentication: Overview