Creating Your SSL Certificate
First create the SSL certificate before sending it over to a Certificate Authority for validation.
To use the Java keytool to create your SSL certificate, ensure that your installed JDK version is at least 1.6.
Creating a Keystore
- Use the keytool command to create a new key-CSR pairing. The following example command creates this pairing:
keytool -genkey -alias server -keyalg RSA -keysize 2048 -keystore domainname.jks
'domainname' is the name of the domain you are securing. However, for a Wildcard Certificate, do not include * at the beginning of the filename, as this is not a valid filename character. It is not necessary to use the domain name in the command above; the keystore can have any name. However, for easy identification, we recommend that you use the domain name.
- Enter the domain name information. Enter your domain name and extension (i.e., www.domainname.com) when prompted for first name and last name. If you are ordering a Wildcard Certificate, this must begin with * (example: *.domainname.com).
- Confirm that the information is correct by entering 'y' or 'yes' when prompted. Next enter a password to confirm. Make sure to remember the password you choose.
Generating your CSR
- Use keytool to create the Certificate Signing Request (CSR). The following example command creates the CSR:
keytool -certreq -alias server -keyalg RSA -file domainname.csr -keystore domainname.jks
Again, 'domainname' is the name of the domain you are securing (without the * character if you are ordering a Wildcard Certificate). The domain name should be the domain name of the Adeptia server.
- Enter the keystore password that you entered when creating the keystore.
Send this CSR to a certificate signing authority (CA) such as Digicert or Verisign to sign it.
After you receive the signed certificate from the CA, perform the following step to import your CA certificate.
Importing your CA Certificate in Java Keystore
- Use the command shown in the following example to import your certificate into the same Java Keystore that you created earlier.
keytool -import -trustcacerts -alias root -file domainname.csr -keystore domainname.jks
If you have received multiple files from the CA, say a root certificate and an intermediate certificate, then import each one into the same Java Keystore, with a unique alias. For example:
keytool -import -trustcacerts -alias root -file domainname-root.csr -keystore domainname.jks
keytool -import -trustcacerts -alias intermediate -file domainname-intermediate.csr -keystore domainname.jks
The files received from the CA are usually in .csr or .pem format.
- Copy this keystore to the preferred location (<AdeptiaInstallationDirectory>/AdeptiaServer/ServerKernel/etc/jetty).
- Register the keystore entry in the Adeptia jetty.xml file. Provide the path of the keystore created above. The jetty.xml file is located in the same folder as the keystore (i.e. <AdeptiaInstallationDirectory>/AdeptiaServer/ServerKernel/etc/jetty in our example).
- Modify the sslContextFactory section to add the path of the keystore and the keystore password (the password entered earlier when creating the keystore), as shown:
- Restart the Kernel and Webrunner services. (This is shown in Starting Adeptia Suite Kernel and WebRunner on Linux and Solaris)
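Before the keystore is copied into the Jetty directory, the output of keytool -list -v can be checked to confirm what the key alias actually holds. The script below is an added example, not part of the original article or of Adeptia's tooling; the function name audit_keystore_listing and both sample listings (including the CA name "Example Root CA") are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original article): audit `keytool -list -v` output.
# Real use: keytool -list -v -keystore domainname.jks | audit_keystore_listing server
audit_keystore_listing() {
    awk -v want="$1" '
        /^Alias name: /               { a = substr($0, 13); seen[a] = 1 }
        /^Entry type: /               { etype[a] = substr($0, 13) }
        /^Certificate chain length: / { chain[a] = $NF + 0 }
        # Only the first Owner/Issuer per alias: that is the leaf certificate.
        /^Owner: /  && !(a in owner)  { owner[a]  = substr($0, 8) }
        /^Issuer: / && !(a in issuer) { issuer[a] = substr($0, 9) }
        END {
            if (!(want in seen))                  { print "MISSING"; exit 1 }
            if (etype[want] != "PrivateKeyEntry") { print "NOT_PRIVATE_KEY"; exit 1 }
            if (owner[want] == issuer[want])      { print "SELF_SIGNED"; exit 1 }
            print "OK chain=" chain[want]
        }
    '
}

# Constructed sample listings (abbreviated, not output from a real keystore).
SAMPLE_SELF_SIGNED='Alias name: server
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=www.domainname.com
Issuer: CN=www.domainname.com

Alias name: root
Entry type: trustedCertEntry
Owner: CN=Example Root CA
Issuer: CN=Example Root CA'

SAMPLE_CA_SIGNED='Alias name: server
Entry type: PrivateKeyEntry
Certificate chain length: 2
Certificate[1]:
Owner: CN=www.domainname.com
Issuer: CN=Example Root CA
Certificate[2]:
Owner: CN=Example Root CA
Issuer: CN=Example Root CA'

# Demo on the constructed CA-signed listing.
printf '%s\n' "$SAMPLE_CA_SIGNED" | audit_keystore_listing server
```

A SELF_SIGNED result means the key alias still holds the certificate that keytool generated together with the key pair, so the server would present that certificate instead of the CA-signed one.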