Step 1: Create a Keystore File
The following instructions show how to create and install self-signed certs. But self-signed certs should not be used in production environments. Follow the same steps as guidelines to install your own certs, which are acquired from SSL cert vendors.
You can use an existing SSL certificate or create your own using the Java keytool:
https://docs.oracle.com/cd/E19798-01/821-1841/gjrgy/index.html.
If you already have a known keystore file prepared, you may skip to
Step 2: Enable HTTPS.
If you already have a certificate, you must import it into a keystore and then go to
Step 2: Enable HTTPS:
keytool -import -alias tomcat -file myCertificate.crt -keystore keystore.p12 -storepass password
Example:
You could run the following commands for PKCS12 with an alias of “actian”:
keytool -genkeypair -alias actian -keyalg RSA -keysize 2048 -keystore keystore.jks -validity 3650
keytool -genkeypair -alias actian -keyalg RSA -keysize 2048 -storetype PKCS12 -keystore keystore.p12 -validity 3650
Enter a password for the keystore with at least 6 characters:
Enter keystore password:
Re-enter new password:
Add some identifying information and a password for the alias (if different from the keystore):
What is your first and last name?
[Unknown]:
…
Is CN=localhost, OU=Unknown, O=Unknown, L=Unknown, ST=Unknown, C=Unknown correct?
[no]: yes
Enter key password for <actian>
(RETURN if same as keystore password):
# Export the certificate out of the keystore:
keytool -exportcert -alias actian -keystore keystore.p12 -file actian.cer -storetype pkcs12 -noprompt -storepass changeit
# Add certificate to the java cacerts file being used by IM - Run as Admin:
keytool -import -alias actian -file actian.cer -keystore "<JDK_HOME>\jre\lib\security\cacerts" -storepass changeit