From 1adac983355c64151a6c8998990565a9b1dbabb4 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Henrik=20tom=20W=C3=B6rden?= <h.tomwoerden@indiscale.com>
Date: Tue, 1 Sep 2020 11:03:14 +0200
Subject: [PATCH] DOC: add information on how to create the keystore from cert
 files

---
 README_SETUP.md | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)

diff --git a/README_SETUP.md b/README_SETUP.md
index 554cd5da..8d16aa1e 100644
--- a/README_SETUP.md
+++ b/README_SETUP.md
@@ -67,11 +67,16 @@ server:
 2. Create an SSL certificate somewhere with a `Java Key Store` file.  For
    self-signed certificates (not recommended for production use) you can do:
    - `mkdir certificates; cd certificates`
-   - `keytool -genkey -keyalg RSA -alias selfsigned -keystore keystore.jks -validity 375 -keysize 2048 -ext san=dns:localhost`
+   - `keytool -genkey -keyalg RSA -alias selfsigned -keystore caosdb.jks -validity 375 -keysize 2048 -ext san=dns:localhost`
      Replace `localhost` by your host name, if you want.
-   - `keytool -importkeystore -srckeystore keystore.jks -destkeystore keystore.p12 -deststoretype PKCS12 -srcalias selfsigned`
-   - `openssl pkcs12 -in keystore.p12 -nokeys -out cert.pem`
+   - `keytool -importkeystore -srckeystore caosdb.jks -destkeystore caosdb.p12 -deststoretype PKCS12 -srcalias selfsigned`
+   - `openssl pkcs12 -in caosdb.p12 -nokeys -out cert.pem`
    - You can check the content of the certificate with `openssl x509 -in cert.pem -text`
+
+   Alternatively, you can create a keystore from certificate files that you already have:
+   - `openssl pkcs12 -export -inkey privkey.pem -in fullchain.pem -out all-certs.pkcs12`
+   - `keytool -importkeystore -srckeystore all-certs.pkcs12 -srcstoretype PKCS12  -deststoretype pkcs12 -destkeystore caosdb.jks`
+
 3. Copy `conf/core/server.conf` to `conf/ext/server.conf` and change it
    appropriately:
     * Setup for MySQL back-end: Assuming that the mysql back-end is installed
-- 
GitLab