Steps with Examples

  1. Create the Identity Store: Create the Identity store (Keystore) that stores the private key. Typically, the Identity store is created on the Server Manager Console machine only.

    C:\Java64\jdk1.8.0_211\bin\keytool -genkey -alias <your_machine_name> -keyalg RSA -keypass <private_key_password> -storepass <identity_store_password> -keystore C:\certs\keystore.jks

  2. Export the Certificate: Export the Certificate from the Keystore created in the previous step. Typically, the Certificate is exported to the Server Manager Console machine only.

    C:\Java64\jdk1.8.0_211\bin\keytool -export -alias <your_machine_name> -storepass <identity_store_password> -file C:\certs\<your_machine_name>.cer -keystore C:\certs\keystore.jks

    The Certificate is stored in the file: C:\certs\<your_machine_name>.cer.

  3. Import the Certificate: Import the Certificate from the Certificate file created in the previous step. Typically, the Certificate is imported to the Server Manager Console, the Server Manager Agents, and all machines that have Managed Instances. If you are using a custom Truststore, you must import the Certificate into the custom Truststore. The command to import the Certificate to the Standard Truststore (cacerts file) is as follows:

    • Windows Platform

      C:\Java64\jdk1.8.0_211\bin\keytool -import -v -trustcacerts -alias <your_machine_name> -file C:\certs\<your_machine_name>.cer -keystore C:\Java64\jdk1.8.0_211\jre\lib\security\cacerts -keypass <private_key_password> -storepass <trust_store_password>

      Certificate was added to keystore [Storing C:\Java64\jdk1.8.0_211\jre\lib\security\cacerts]

      Run the following command to confirm that the import process was successful:

      C:\Java64\jdk1.8.0_211\bin\keytool -list -v -keystore C:\Java64\jdk1.8.0_211\jre\lib\security\cacerts -alias <your_machine_name> -storepass <trust_store_password>

    • UNIX Platform

      /u01/java8/bin/keytool -import -v -trustcacerts -alias <your_machine_name> -file /u01/certs/<your_machine_name>.cer -keystore /u01/java8/jre/lib/security/cacerts -keypass <private_key_password> -storepass <trust_store_password>

      Certificate was added to keystore [Storing /u01/java8/jre/lib/security/cacerts]

      Run the following command to confirm that the import process was successful:

      /u01/java8/bin/keytool -list -v -keystore /u01/java8/jre/lib/security/cacerts -alias <your_machine_name> -storepass <trust_store_password>

    • AS/400 Platform

      /QOpenSys/QIBM/ProdData/JavaVM/jdk80/32bit/bin/keytool -import -v -trustcacerts -alias <your_machine_name> -file /certs/<your_machine_name>.cer -keystore /QOpenSys/QIBM/ProdData/JavaVM/jdk80/32bit/jre/lib/security/cacerts -keypass <private_key_password> -storepass <trust_store_password>

      Certificate was added to keystore [Storing /QOpenSys/QIBM/ProdData/JavaVM/jdk80/32bit/jre/lib/security/cacerts]

      Run the following command to confirm that the import process was successful:

      /QOpenSys/QIBM/ProdData/JavaVM/jdk80/32bit/bin/keytool -list -v -keystore /QOpenSys/QIBM/ProdData/JavaVM/jdk80/32bit/jre/lib/security/cacerts -alias <your_machine_name> -storepass <trust_store_password>

Note: If there are multiple Certificates in the Certificate Chain of the Server Manager Console, all the Certificates in the Certificate Chain must be imported into the Truststore. Import of multiple files is commonly required for a CA Signed Certificate where a Root Certificate and an Intermediate Certificate exist in addition to the actual Certificate used by the Server Manager Console.
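
The Note above requires every Certificate in the chain to be present in the Truststore. The following is an added example, not part of the original procedure or the product: a shell function that reads the output of `keytool -list -v` for the whole Truststore (run without `-alias`) and prints every Issuer that has no matching Owner entry. The function name, the sample listings and their DNs are constructed for illustration; matching is by DN text only and does not verify signatures.

```shell
#!/bin/sh
# Added example: find certificate-chain gaps in a truststore listing.
# stdin : text from `keytool -list -v -keystore <truststore> -storepass ...`
# stdout: each Issuer DN with no entry whose Owner DN matches, one per line.
missing_issuers() {
  awk '
    { sub(/\r$/, "") }                      # tolerate CRLF output from Windows
    /^Owner: /  { owners[substr($0, 8)] = 1 }
    /^Issuer: / { issuers[substr($0, 9)] = 1 }
    END { for (dn in issuers) if (!(dn in owners)) print dn }
  ' | sort
}

# Constructed listing: console certificate and root imported, intermediate not.
sample_incomplete() {
  cat <<'EOF'
Alias name: smconsole
Entry type: trustedCertEntry

Owner: CN=smconsole.example.com, O=Example, C=US
Issuer: CN=Example Intermediate CA, O=Example, C=US

Alias name: exampleroot
Entry type: trustedCertEntry

Owner: CN=Example Root CA, O=Example, C=US
Issuer: CN=Example Root CA, O=Example, C=US
EOF
}

# Constructed listing: the same truststore after importing the intermediate.
sample_complete() {
  sample_incomplete
  cat <<'EOF'

Alias name: exampleintermediate
Entry type: trustedCertEntry

Owner: CN=Example Intermediate CA, O=Example, C=US
Issuer: CN=Example Root CA, O=Example, C=US
EOF
}

echo "Missing before importing the intermediate:"
sample_incomplete | missing_issuers
echo "Missing after importing the intermediate:"
sample_complete | missing_issuers
```

Against a real Truststore, pipe the `keytool -list -v` command from step 3 (without `-alias`) into `missing_issuers`; empty output means every Issuer named in the listing is itself present as an entry.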