In a command prompt, navigate to [JAVA HOME]/bin
and type the following command to create the credential and keystore:
keytool -genkey -dname "CN=Host Name, OU=Group Name, O=Company Name,L=City Name, S=State, C=Country Code" -alias "LC Cert" -keyalg RSA -keypass –key_password -keystore keystorename.keystore
Note: Replace [JAVA_HOME] with the directory where the
JDK is installed, and replace the text in italic with values that
correspond with your environment. Host Name is the fully qualified
domain name of the application server.
Enter the keystore_password when prompted
for a password. The password for the keystore and the key must be
identical.
Note: The keystore_password entered at this step may be the same password (key_password) that you entered in step 1, or it may be different.
Copy the keystorename.keystore to the [appserver root]/server/[type]/conf directory
by typing one of the following commands:
Export the certificate file by typing the following command:
keytool -export -alias "LC Cert" -file LC_cert.cer -keystore [appserver root]\server\[type]\conf\keystorename.keystore
Enter the keystore_password when prompted for a password.
Copy the LC_cert.cer file to the [appserver root] \conf directory
by typing the following command:
View the contents of the certificate by typing the following
command:
keytool -printcert -v -file [appserver root]\server\[type]\conf\LC_cert.cer
To provide write access to the cacerts file in [JAVA_HOME]\jre\lib\security,
if required, perform the following task:
(Windows)
Right-click the cacerts file and select Properties, and then deselect
the Read-only attribute.
(Linux) Type chmod 777 cacerts
Import the certificate by typing the following command:
keytool -import -alias "LC Cert" -file LC_cert.cer
-keystore JAVA_HOME\jre\lib\security\cacerts
Type changeit as the password. This password
is the default password for a Java installation and may have been
changed by the system administrator.
When prompted for Trust this certificate? [no]:,
type yes. The confirmation "Certificate was added
to keystore" is displayed.
If you are connecting over SSL from Workbench, install the
certificate on the Workbench computer.
In a text editor, open [appserver root]/server/[type]/deploy/jboss-web.sar/server.xml.
In the server.xml file, uncomment the following section:
<!-- SSL/TLS Connector configuration using the admin devl guide keystore
<Connector protocol="HTTP/1.1" SSLEnabled="true"
port="8443" address="${jboss.bind.address}" URIEncoding="UTF-8"
scheme="https" secure="true" clientAuth="false"
keystoreFile="${jboss.server.home.dir}/conf/chap8.keystore"
keystorePass="rmi+ssl" sslProtocol = "TLS" />
-->
Change the value for the keystoreFile attribute
and the keystorePass attribute to the keystore
password that you specified when you created the keystore.
Save the server.xml file.
Restart the application server:
To access Administration Console using SSL, type https://[host name]:[port]/adminui in
a web browser:
The default SSL port for JBoss is 8443. From
here on, specify this port when accessing LiveCycle.