| Table of Contents | ||
|---|---|---|
|
Configure Certificate Within FlexDeploy
Certificate credentials support a certificate file upload and an optional password.
...
Input Name | Required | Description | Input Type | |||
|---|---|---|---|---|---|---|
Certificate | Yes | Certificate which will have its content stored in encrypted format. | File | Password | No | Password for accessing the certificate (optional). | Text
You can reference Certificate credential where supported. For example,
...
How to generate Private Key & Certificate
See example commands below to generate Private Key and Certificate. Adjust KEY_ALIAS and KEY_PASSWORD before running this. You will get two Private Key files (.pem extension) - with and without Passphrase. You will also get matching Certificate (.cer).
| Code Block | ||
|---|---|---|
| ||
rm -rf ./generated
mkdir generated
cd generated
export KEY_ALIAS=FDOCI1
export KEY_PASSWORD=Welcome1
# Generate Private Key and Certificate with Passphrase
keytool -genkey -keyalg RSA -alias $KEY_ALIAS -keystore keystore.jks -storepass $KEY_PASSWORD -validity 365 -keysize 2048 -keypass $KEY_PASSWORD
# Export Certificate
# This Certificate can be uploaded for FlexDeploy Certificate type Credential
keytool -exportcert -alias $KEY_ALIAS -file ${KEY_ALIAS}.cer -keystore keystore.jks -storepass $KEY_PASSWORD -rfc
sed -i 's/\r//g' ${KEY_ALIAS}.cer
# Convert to Keystore to PKCS12 format and export Private Key file.
keytool -importkeystore -srckeystore keystore.jks -srcstorepass $KEY_PASSWORD -destkeystore keystore.p12 -deststoretype pkcs12 -destkeypass $KEY_PASSWORD -deststorepass $KEY_PASSWORD
# This Private Key can be uploaded to FlexDeploy Private Key type Credential along with Passphrase (set in KEY_PASSWORD on line 6 above)
openssl pkcs12 -in keystore.p12 -passin pass:$KEY_PASSWORD -passout pass:$KEY_PASSWORD -nocerts -out $KEY_ALIAS.pem
cd .. |
Referencing Certificate Values As Properties
A Certificate credential that is assigned to an encrypted property within FlexDeploy can be referenced for property replacement or groovy variables. In order to reference the certificate, then only the property code can be used. If you want to access the password, then attach the suffix “_PASSWORD” (case sensitive) to the property code.
For example, we have an encrypted property on this workflow with the code WEB_CERTIFICATE.
...
We could have a step in our workflow to execute an operation that will connect to an external system using the certificate of the property configured on the project. Below is an example of referencing our property in a groovy script, but it would be similar for environment variables or property replacement within files. For accessing the certificate then we would use the code WEB_CERTIFICATE. For accessing the password, then it would be WEB_CERTIFICATE_PASSWORD. Note that if referencing the password like this, it could fail if the actual value of the property during execution is not a Certificate type credential.
...
...