SSL-Certificate Expired on 31.12.2009
6 answers
Where can I get new SSL-Certificate for RTC? and how to install it?
RTC 2.0.0.2 on SuSe 10 64bit.
By each logon on Web UI or Eclipse the team members get message Certificate expired. You use this page on your own risk.
There is a default certificate present in the RTC code. It will be referenced
by the tomcat/conf/server.xml
Here is an example Connector:
<Connector port="9443"
address="some-server"
connectionTimeout="20000"
maxHttpHeaderSize="8192"
maxThreads="150"
minSpareThreads="25"
maxSpareThreads="75"
enableLookups="false"
disableUploadTimeout="true"
acceptCount="100"
scheme="https"
secure="true"
clientAuth="false"
keystoreFile="key.jks"
keystorePass="some-password"
keyAlias="some-alias"
sslProtocol="SSL_TLS"
algorithm="IbmX509"
URIEncoding="UTF-8" />
You could update the expiration using Ikeyman by finding the keystoreFile and keystorePass values. Ikeyman is found in jre/bin relative to the RTC install. You could also create a new self-signed certificate in a new key file and give it whatever properties you wish.
That may suffice. If you require an "official" signed certificate from a CA you can use ikeyman to create a certificate request and purchase the
certificate.
Where can I get new SSL-Certificate for RTC? and how to install it?
RTC 2.0.0.2 on SuSe 10 64bit.
By each logon on Web UI or Eclipse the team members get message Certificate expired. You use this page on your own risk.
There is a default certificate present in the RTC code. It will be referenced
by the tomcat/conf/server.xml
Here is an example Connector:
<Connector port="9443"
address="some-server"
connectionTimeout="20000"
maxHttpHeaderSize="8192"
maxThreads="150"
minSpareThreads="25"
maxSpareThreads="75"
enableLookups="false"
disableUploadTimeout="true"
acceptCount="100"
scheme="https"
secure="true"
clientAuth="false"
keystoreFile="key.jks"
keystorePass="some-password"
keyAlias="some-alias"
sslProtocol="SSL_TLS"
algorithm="IbmX509"
URIEncoding="UTF-8" />
You could update the expiration using Ikeyman by finding the keystoreFile and keystorePass values. Ikeyman is found in jre/bin relative to the RTC install. You could also create a new self-signed certificate in a new key file and give it whatever properties you wish.
That may suffice. If you require an "official" signed certificate from a CA you can use ikeyman to create a certificate request and purchase the
certificate.
Thank you
Yesterday i tried to create a certificate, but something gone wrong. May you write some steps, and what kind of packedging i have to choose (jsk, CMS)?
I use the ikeyman that comes in the deployed jre. Relative to the RTC install it is jre/bin/ikeyman (aix).
Based on the characteristics in the Connector I showed earlier, I create a CMS keyfile. Once the key file is created switch the menu below "Key database content" to Personal Certificates. Click on the New Self Signed...
After creating the certificate use the label you gave for the keyAlias property.
Yesterday i tried to create a certificate, but something gone wrong. May you write some steps, and what kind of packedging i have to choose (jsk, CMS)?
I use the ikeyman that comes in the deployed jre. Relative to the RTC install it is jre/bin/ikeyman (aix).
Based on the characteristics in the Connector I showed earlier, I create a CMS keyfile. Once the key file is created switch the menu below "Key database content" to Personal Certificates. Click on the New Self Signed...
After creating the certificate use the label you gave for the keyAlias property.
Also, how do we know the password to open the key file? It appears to have been installed by default. I never supplied a password for a public file.
Yesterday i tried to create a certificate, but something gone wrong. May you write some steps, and what kind of packedging i have to choose (jsk, CMS)?
I use the ikeyman that comes in the deployed jre. Relative to the RTC install it is jre/bin/ikeyman (aix).
Based on the characteristics in the Connector I showed earlier, I create a CMS keyfile. Once the key file is created switch the menu below "Key database content" to Personal Certificates. Click on the New Self Signed...
After creating the certificate use the label you gave for the keyAlias property.
Also, how do we know the password to open the key file? It appears to have been installed by default. I never supplied a password for a public file.
I figured it out. The passkey was in my ini file. ;-)