Using HTTPS

Overview

This page describes using configiration options and the keytool utility to configure UCS to use secure HTTPS connections.

• Keytool is a key and certificate management utility included in JDK or JRE installations. For instance, when you install Java Environment and Libraries for eServices and UCS, keytool is placed in the \jre\bin directory.
• Prior to release 8.1.0, you add the options to the cview section.

Procedure

This procedure makes use of keytool, which is a key and certificate management utility included in JDK or JRE installations. For instance, when you install Java Environment and Libraries for eServices and UCS, keytool is placed in the \jre\bin directory.

1. Generate a key-pair for the certificate. The following is an example command line:

   keytool -genkey -v -alias hostname.example.com 
   -dname "CN=hostname.example.com,OU=IT,O=ourcompany,C=FR" -keypass theKeyPassword 
   -keystore certificate.jks -storepass theKeystorePassword -keyalg "RSA" -sigalg "SHA1withRSA" 
   -keysize 2048 -validity 3650
   

2. Set configuration options in your UCS Application object.
   • Add the following options to the cview section. See the Configuration Options page for full descriptions.
     • keyPassword, keystorePassword, keystorePath, keystoreType—Set values according to the values used in the command line.
     • port-https—Choose a value that is appropriate for your environment. You can also configure the port-http option, but it is not required.
3. Export the certificate from UCS. Following is an example command line:

   keytool -export -v -alias hostname.example.com -file certificate.cer 
   -keystore certificate.jks -storepass theKeystorePassword 
   

4. Import the certificate on all clients of UCS. Following is an example command line:

   keytool -import -alias hostname.example.com -file certificate.cer 
   -keystore .keystore -storepass anotherPassword
   

Example

This screenshot shows UCS configured to listen on both HTTP and HTTPS ports.