RTC V7: how to change the certificate in liberty server?
Hello,
I installed RTC V7 with embedded Liberty and Derby database. Could you please help me see how I can change the self-signed localhost certificate to a CA-signed certificate (I have the identity and trust keystores ready for use)?
Thanks a lot
Frank
One answer
If you have a key store from which a signing request was made and sent to some CA, and the new certificate was received into the key store, you can configure Liberty to use those key stores rather simply.
Find the keyStore definition in server.xml, e.g.:
<keyStore id="defaultKeystore" location="key.p12" type="PKCS12" password="{xor}#NSO#ENHWEF"/>
Modify the location for the key store. If the location doesn't start with / or c:\, the location is relative to the Liberty server definition. type denotes the key store type; the default is JKS. To get the encoding for your key store password, use the Liberty/bin/securityUtility:
Actions:
encode
Encode the provided text.
createSSLCertificate
Create a default SSL certificate for use by the server or
client configuration.
createLTPAKeys
Create a set of LTPA keys for use by the server, or that can be shared
with multiple servers. If no server or file is specified, a ltpa.keys
file will be created in the current working directory.
help
Print help information for the specified action.
Options:
Use help [actionName] for detailed option information of each action.
Example:
lib/wlp18/bin/securityUtility encode framework
{xor}OS0+MjooMC00
Copy and paste the whole bit from the securityUtility as the password= value.
The defaultTrustStore can be defined in a similar fashion. You may need an ssl section to hook your certificates file to the http endpoints:
<ssl keyStoreRef="defaultKeyStore" trustStoreRef="defaultKeyStore" sslProtocol="TLSv1.2" id="sslRep" />
The clm server that gets created has only a few references to keyStore so it is probably enough to provide your own key store file / password here:
<ssl id="defaultSSLConfig" keyStoreRef="defaultKeyStore" sslProtocol="SSL" enabledCiphers="TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 TLS_RSA_WITH_AES_128_CBC_SHA256 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA TLS_RSA_WITH_AES_128_CBC_SHA TLS_DHE_RSA_WITH_AES_128_CBC_SHA TLS_DHE_RSA_WITH_AES_128_CBC_SHA256"/>
<keyStore id="defaultKeyStore" location="ibm-team-ssl.keystore" type="JCEKS" password="{xor}Nj0ycis6PjI="/>
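An added example, not part of the original answer: a small check for a server.xml edited as described above. It reports ssl elements whose keyStoreRef or trustStoreRef matches no keyStore id (the snippets above spell the id both "defaultKeystore" and "defaultKeyStore") and shows that a {xor} password is a keyless encoding by reproducing the securityUtility output quoted above. Assumptions: ids are compared case-sensitively, {xor} is each byte XORed with 0x5F and then base64-encoded, and the names lint and xor_encode and the XML fragment are constructed for this example.

```python
import base64
import xml.etree.ElementTree as ET

# Constructed fragment assembled from the snippets in the answer above.
SERVER_XML = """<server>
  <keyStore id="defaultKeystore" location="key.p12" type="PKCS12"
            password="{xor}OS0+MjooMC00"/>
  <ssl id="sslRep" keyStoreRef="defaultKeyStore"
       trustStoreRef="defaultKeyStore" sslProtocol="TLSv1.2"/>
</server>"""


def xor_encode(text):
    """Assumed {xor} scheme: XOR every byte with 0x5F, then base64. No key is involved."""
    raw = bytes(b ^ 0x5F for b in text.encode("utf-8"))
    return "{xor}" + base64.b64encode(raw).decode("ascii")


def lint(xml_text):
    """Return findings for one server.xml; included files are not followed."""
    root = ET.fromstring(xml_text)
    stores = {ks.get("id"): ks for ks in root.iter("keyStore")}
    findings = []
    # Every ssl reference must name a keyStore id exactly (assumed case-sensitive).
    for ssl in root.iter("ssl"):
        for attr in ("keyStoreRef", "trustStoreRef"):
            ref = ssl.get(attr)
            if ref is None or ref in stores:
                continue
            near = [i for i in stores if i and i.lower() == ref.lower()]
            hint = f" (did you mean '{near[0]}'?)" if near else ""
            findings.append(
                f"ssl '{ssl.get('id')}': {attr}='{ref}' matches no keyStore id{hint}")
    # Report how each key store password is stored in the file.
    for sid, ks in stores.items():
        pw = ks.get("password", "")
        if pw.startswith("{xor}"):
            findings.append(f"keyStore '{sid}': {{xor}} password is encoded, not encrypted")
        elif not pw.startswith("{aes}"):
            findings.append(f"keyStore '{sid}': password is stored in plain text")
    return findings


if __name__ == "__main__":
    print(xor_encode("framework"))  # same value as the securityUtility example above
    for finding in lint(SERVER_XML):
        print(finding)
```

Because the {xor} value can be reproduced without any key, anyone who can read server.xml can recover the key store password, so the file needs the same file-system protection as the key store itself.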