C.1.2 Creating a new SSL KeyStore

The SSL certificate that is provided with the server during installation is a sample certificate only. To use SSL for communicating with your MySQL Enterprise Service Manager and MySQL Enterprise Monitor User Interface, replace the supplied certificate with your own certificate.

The certificate keystore is located in the apache-tomcat/conf/myKeystore file within your MySQL Enterprise Service Manager installation.

To create a new self-signed certificate, use the keytool command (provided with Java SE Security) to create a new certificate file:

shell> keytool -genkey -alias tomcat -keyalg RSA -validity 1825 -keystore newKeystore

You will be prompted to fill in the certificate information and to provide a unique password for the certificate.

The -validity option specifies how long the new certificate remains valid, in days. The -alias option is required to ensure that the certificate is associated with tomcat.

Once you have created the new keystore, shut down MySQL Enterprise Service Manager, copy the new keystore file to apache-tomcat/conf/myKeystore, and restart MySQL Enterprise Service Manager.

If you have an existing certificate that you would like to import into your keystore, use the following command:

shell> keytool -import -alias tomcat -keystore newKeystore -file public.pem
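
A pre-flight check for the keystore replacement described above, as an added example that is not part of the original documentation: it confirms that the tomcat alias holds a private key entry before the file is copied over apache-tomcat/conf/myKeystore, and keeps a copy of the previous keystore. The function names, the .bak suffix and the sample listings are assumptions of this example.

```shell
#!/bin/sh
# Added example: check a new keystore before it replaces
# apache-tomcat/conf/myKeystore. Function names, the .bak suffix and the
# sample listings below are assumptions of this example.
# Usage (after sourcing, with the Service Manager shut down):
#   replace_keystore newKeystore /path/to/apache-tomcat/conf/myKeystore

# Constructed samples of the `keytool -list -v` fields the check reads.
SAMPLE_KEY_ENTRY='Alias name: tomcat
Entry type: PrivateKeyEntry'
SAMPLE_CERT_ENTRY='Alias name: tomcat
Entry type: trustedCertEntry'

# Reads `keytool -list -v` output on stdin and succeeds only if alias $1 is
# a PrivateKeyEntry. Tomcat needs the private key; an alias that holds only
# an imported certificate is listed as trustedCertEntry.
has_private_key_entry() {
    awk -v want="$1" '
        /^Alias name: / { current = substr($0, 13) }
        /^Entry type: / { if (current == want && $3 == "PrivateKeyEntry") found = 1 }
        END { exit !found }
    '
}

# Verifies $1, keeps the current keystore $2 as $2.bak, then copies $1 to $2.
replace_keystore() {
    ks_new=$1
    ks_dest=$2
    # keytool prompts for the keystore password here.
    if ! keytool -list -v -alias tomcat -keystore "$ks_new" |
            has_private_key_entry tomcat; then
        echo "refusing: no private key entry for alias tomcat in $ks_new" >&2
        return 1
    fi
    if [ -f "$ks_dest" ]; then
        cp -p "$ks_dest" "$ks_dest.bak" || return 1
    fi
    cp "$ks_new" "$ks_dest"
}
```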

For more information on using SSL certificates in Tomcat, see Apache Tomcat 6.0: SSL Configuration HOW-TO.