About Installing Certificate Files
The use of a trusted root CA (for example, a commercial certificate or one signed by a trusted internal corporate CA) is strongly recommended for the certificate used by Siebel components — such as the Application Interface, Siebel Server, and Siebel Gateway.
If you must use a self-signed certificate, the client needs to explicitly trust that certificate. Check with your browser and operating system vendor for information on how to do this.
When migrating data from a source (development) into another target environment (QA or production), the truststore on the source must include the CA that signed the certificate on the target. If that CA is trusted, the source also trusts any valid certificate signed by that authority.
In summary, the typical steps to obtain and install certificate files are as follows:
Generate a certificate signing request (CSR) and send it to a Certificate Authority (CA). For example:
keytool -certreq -alias siebel -keystore siebelkeystore.jks -file siebel.csr
The following table explains these parameters:
| Parameter | Example Value | Description |
|---|---|---|
| -certreq | NA | Indicates that you want to generate a certificate request. |
| -alias | Siebel | This tells keytool which key to use to generate the certificate. |
| -keystore | siebelkeystore.jks | The name of the keystore file (you will be prompted to enter the same password used when the file was created). |
| -file | siebel.csr | The name of the file in which to put the certificate signing request. |
Provided the CA decides that you are allowed to have a certificate, the CA will issue a certificate, sign it, and return the certificate to you.
Note: This signed certificate, which contains information about the CA, is what will allow your browser to determine whether to trust the certificate. For example, is the certificate issued by a CA that is defined in your browser’s Trust Store?
Import the trusted root CA into the Key Store, which is used by the Web server to provide the certificate to browsers. For example:
keytool -import -alias a_demo_ca -file ca_root.cer -keystore siebelkeystore.jks
The following table explains these parameters:
| Parameter | Example Value | Description |
|---|---|---|
| -import | NA | Indicates that you want to import the signed certificate. |
| -alias | a_demo_ca | The name of the root certificate authority. |
| -file | ca_root.cer | The CA’s certificate (which the CA provides). |
| -keystore | siebelkeystore.jks | The name of the keystore file (you will be prompted to enter the same password used when the file was created). |
If an intermediary CA certificate is required, import it using the same syntax as that used for importing the trusted root CA, except specify the intermediate CA’s certificate. For example:
keytool -import -alias name_of_intermediary_CA -file ca_int.cer -keystore siebelkeystore.jks
Note: The Certificate Authority will tell you if an intermediary certificate is required.
Import the signed certificate using the following syntax:
keytool -import -alias siebel -keystore siebelkeystore.jks -file siebel.cer
Create the Trust Store by importing the root CA into a new keystore as follows:
keytool -import -alias a_demo_ca -file ca_root.cer -keystore truststore.jks
The following table explains these parameters:
| Parameter | Example Value | Description |
|---|---|---|
| -import | NA | Indicates that you want to import the signed certificate. |
| -alias | a_demo_ca | The name of the root certificate authority. |
| -file | ca_root.cer | The CA’s certificate (which the CA provides). |
| -keystore | truststore.jks | The name of the keystore file (you will be prompted to enter the same password used when the file was created). |
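The following check is an added example, not part of the original documentation: it parses the text printed by keytool -list -v to confirm that the siebel key entry carries a CA-signed chain rather than only its initial self-signed certificate, and that the root CA is stored as a trusted entry. The function names and both sample listings are constructed for illustration, and English keytool messages are assumed.

```shell
# Added example: audit `keytool -list -v` output after the import steps.
# Assumes English keytool messages; function names are hypothetical.

# entry_summary: read the listing on stdin, print "<alias> <type> <chain length>"
# per entry (chain length is 0 for trusted certificate entries).
entry_summary() {
    awk '
        /^Alias name: / { if (alias != "") print alias, type, len
                          alias = substr($0, 13); type = "?"; len = 0 }
        /^Entry type: / { type = $3 }
        /^Certificate chain length: / { len = $4 }
        END { if (alias != "") print alias, type, len }'
}

# key_entry_ok ALIAS: succeed only if ALIAS holds a private key whose chain is
# longer than 1, meaning the CA-signed reply replaced the self-signed certificate.
key_entry_ok() {
    entry_summary | awk -v a="$1" \
        '$1 == a && $2 == "PrivateKeyEntry" && $3 > 1 { ok = 1 } END { exit !ok }'
}

# trusts_ca ALIAS: succeed only if ALIAS is stored as a trusted certificate.
trusts_ca() {
    entry_summary | awk -v a="$1" \
        '$1 == a && $2 == "trustedCertEntry" { ok = 1 } END { exit !ok }'
}

# Constructed listing of a correctly populated siebelkeystore.jks,
# trimmed to the lines the parser reads.
GOOD_KEYSTORE='Alias name: a_demo_ca
Entry type: trustedCertEntry

Alias name: siebel
Entry type: PrivateKeyEntry
Certificate chain length: 2'

# Constructed listing where the signed certificate was never attached to the key.
BAD_KEYSTORE='Alias name: siebel
Entry type: PrivateKeyEntry
Certificate chain length: 1'

for sample in "$GOOD_KEYSTORE" "$BAD_KEYSTORE"; do
    if printf '%s\n' "$sample" | key_entry_ok siebel; then
        echo "siebel: CA-signed chain present"
    else
        echo "siebel: still self-signed or missing"
    fi
done
# Against a real file: keytool -list -v -keystore siebelkeystore.jks | key_entry_ok siebel
```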
For more information about certificate files, see the following topics: