Bgrenon/6
bunch of text
my heading
Let's put an equal = sign in
| row |
Collapse
keytool -genkey -alias <alias name> -keyalg <security key algorithm> -validity 360
For example:
/usr/local/java/jdk1.7.0_79/jre/bin/keytool -genkey -alias linux-grat -keyalg RSA
A self-signed certificate will be created by file name .keystore in the user's home directory. If the certificate must be signed by an external CA (Certificate Authority), a CSR needs to be created and submitted to the CA. You can use Keytool to create a CSR. Please see Java documentation for a complete list of Keytool options. }}
Setting up GRAT in SSL Mode
-
[+] Create the Certificate if it is not already available
On GRAT, use Keytool utility to create a self-signed certificate to be used for SSL.
keytool -genkey -alias <alias name> -keyalg <security key algorithm> -validity 360
ImportantWhen prompted for input What is your first and last name?, enter the name of GRAT's Host object in Configuration Server. It must be either GRAT's hostname or the IP address. The value entered here is used in the commonName (CN) property of the certificate.For example:
/usr/local/java/jdk1.7.0_79/jre/bin/keytool -genkey -alias linux-grat -keyalg RSA
A self-signed certificate will be created by file name .keystore in the user's home directory. If the certificate must be signed by an external CA (Certificate Authority), a CSR needs to be created and submitted to the CA. You can use Keytool to create a CSR. Please see Java documentation for a complete list of Keytool options.
[+] Create the Certificate if it is not already available.
On GRAT, use Keytool utility to create a self-signed certificate to be used for SSL.
keytool -genkey -alias <alias name> -keyalg <security key algorithm> -validity 360
For example:
/usr/local/java/jdk1.7.0_79/jre/bin/keytool -genkey -alias linux-grat -keyalg RSA
A self-signed certificate will be created by file name .keystore in the user's home directory. If the certificate must be signed by an external CA (Certificate Authority), a CSR needs to be created and submitted to the CA. You can use Keytool to create a CSR. Please see Java documentation for a complete list of Keytool options.
For example, to enable SSL in the case of Tomcat, the SSL configuration in .../[TOMCAT_HOME]/conf/server.xml looks like this:
<Connector port="8443" protocol="org.apache.coyote.http11.Http11Protocol"
maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS"
keystoreFile="/home/certificates/.keystore" keystorePass="changeit"/>
Where:
- keystoreFile is the path to the certificate file generated in step 1.
- keystorePass is the password created for the certificate in step 1.
- Open GRAT's link https://[ GRAT IP address]:[SSL port number]/genesys-rules-authoring/index.jsp in your browser.
- When it shows the warning about certificates, accept the certificate to be added in the browser's Trusted Certificates list.
- Once the certificate has been downloaded by the browser, export it using the browser's export certificate feature.
<toggledisplay linkstyle font-size:larger showtext="[+] DETAILS" hidetext="[-] HIDE">
| Browser | Procedure |
|---|---|
| IE 11 |
OR
|
| Firefox 40.02 |
OR
|
| Chrome 44.0 |
OR
|
keytool -import -alias <alias> -keystore <cacerts_file> -trustcacerts -file <certificate_filename>
For example:
/usr/local/java/jdk1.7.0_79/jre/bin/keytool -import -alias linux-grat -keystore /usr/local/java/jdk1.7.0_79/jre/lib/security/cacerts -trustcacerts -file /home/certificates/linux-grat
Where:
- alias is the alias to be used for this certificate.
- keystore is the path to Java's Keystore in which we want to add the certificate. Make sure to update the Keystore of Java that is used by the Server.
- file is the path to the certificate file (exported in step 3) that we can to add into Java Keystore.