Configuring the NIO HTTPS Interface of Redwood PlatformChecking Your License

on-site-related topic Importing a Certificate Authority into your JVM Certificate Authority Store

You want to connect Redwood Server to remote servers over SSL/TLS that use self-signed certificates. You have signed these certificates with your Certificate Authority (CA). You retrieve the CA root certificate that you used for signing and import that into the CA store of your JVM.

To get the CA certificate file; ask the person who signed the certificate or if it is stored in a keystore, export it from the keystore.

warning

Always make sure that you can trust the certificate prior to importing!

note

The keytool and paths are the same on HP, IBM, and Oracle JVM's; the instructions do not differ for these platforms.

Prerequisites

  • The root CA certificate file must be available.
  • Installed and configured Java Development Kit (JDK), which should ideally be the latest version shipped by the platform vendor (it must be supported).

Procedure

Import the CA File into your JVM CA Store

  1. The keytool must be from the JVM used by your application server; if you have Redwood Server running in a cluster, you have to perform the following on each cluster node.
  2. Run the following command:
  3. keytool -cacerts -importcert -alias <some_alias> -file <file>.
  4. You will be prompted for the password. The default password is changeit.
  5. Run the following command to check the certificate has been imported successfully:
  6. keytool -list -keystore cacerts.

Change the Default Store Password

  1. The keytool must be from the JVM used by your application server; if you have Redwood Server running in a cluster, you have to perform the following on each cluster node.
  2. The command must be run as super-user or Administrator.
  3. keytool -storepasswd -keystore cacerts.
  4. You will be prompted for the password. The default password is changeit. You will be prompted to specify the new password twice, to make sure you make no typo.

Exporting a Certificate from a keystore

  1. From the command line, perfom the following command.
  2. keytool -exportcert -alias <alias> -file <file>.cer {-keystore <keystore> | -cacerts}.
  3. <alias> - the alias you specified when you created the keystore.
  4. <file> - the output file name.
  5. <keystore> - the keystore which you used to sign the original certificate, use -cacerts to import into the cacerts store.

See Also

onsiteTopic

Configuring the NIO HTTPS Interface of Redwood PlatformChecking Your License