Hi all,
After struggling with official TLD certificates on OpenHAB I was able to get a structured approach that will allow you to add an official certificate in minutes instead of hours (even days).
I used the other posts on SSL in OpenHAB as a base but had to combine a bunch of them to be successful.
Anyway, these are the steps using a DigiCert wildcard certificate on an Openhabian installation on Raspberry Pi 3B+. I did also test this methodology on an Ubuntu VM in HyperV in a Linux OpenHAB install. Works like a charm.
Hope this helps. Will post this as a single post as well.
BACKUP your default keystore !!!
cd /var/lib/OpenHABInstallDir/etc/
cp keystore keystore.backup
Passwords are ‘openhab’ or assumed to be.
STOP OpenHAB
sudo systemctl stop OpenHABInstallDir
This example uses a DigiCert wildcard certificate
- cat DigiCertCA.crt yourOfficialTLD_cert.crt > yourOfficialTLD_cert_chain.pem
- openssl pkcs12 -export -inkey yourOfficialTLD_cert.key -in yourOfficialTLD_cert_chain.pem -out yourOfficialTLD_oh.p12 [Make sure password is openhab]
- keytool -keystore /var/lib/OpenHABInstallDir/etc/keystore -list -v [Note alias: should be mykey]
- keytool -delete -alias mykey -keystore /var/lib/OpenHABInstallDir/etc/keystore
- keytool -keystore /var/lib/OpenHABInstallDir/etc/keystore -list -v
- keytool -list -keystore /tmp/cert/yourOfficialTLD_oh.p12 -storetype pkcs12 [Note alias: should be 1]
- keytool -importkeystore -srckeystore /tmp/cert/yourOfficialTLD_oh.p12 -srcstoretype PKCS12 -destkeystore /var/lib/OpenHABInstallDir/etc/keystore -deststoretype jks -destalias mykey -srcalias 1
START OpenHAB
sudo systemctl start OpenHABInstallDir
Cheers.
Edward
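
The steps above delete the existing mykey entry before the new one is imported, so a mismatched key or an unreadable .p12 leaves the keystore without a usable certificate. The following pre-flight check is an added example, not part of the original post: the function names are hypothetical, and it assumes the openssl CLI and an unencrypted PEM private key.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.
# Run the checks before the 'keytool -delete -alias mykey' step.

# key_matches_cert KEY CERT: true if both files carry the same public key.
key_matches_cert() {
    k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# chain_verifies CA_CERT LEAF_CERT: true if the leaf is signed by the CA file
# and is inside its validity period. -partial_chain lets an intermediate CA
# file act as the trust anchor.
chain_verifies() {
    openssl verify -partial_chain -CAfile "$1" "$2" >/dev/null 2>&1
}

# p12_opens P12_FILE PASSWORD: true if the bundle's integrity check passes
# with this password (the post expects 'openhab').
p12_opens() {
    openssl pkcs12 -in "$1" -passin "pass:$2" -noout 2>/dev/null
}

# preflight KEY LEAF_CERT CA_CERT: run both certificate checks, report which failed.
preflight() {
    key_matches_cert "$1" "$2" || {
        echo "private key does not match certificate" >&2; return 1; }
    chain_verifies "$3" "$2" || {
        echo "certificate does not verify against CA file" >&2; return 2; }
    echo "ok: key, certificate and CA file are consistent"
}

# Example: ./preflight.sh yourOfficialTLD_cert.key yourOfficialTLD_cert.crt DigiCertCA.crt
if [ "$#" -eq 3 ]; then
    preflight "$@"
fi
```

After the `openssl pkcs12 -export` step, `p12_opens yourOfficialTLD_oh.p12 openhab` confirms the bundle can be read with the password the import expects.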