Generating a self-signed key certificate for ZooKeeper

Each server must have a keystore containing a key certificate (private key + public certificate). The key certificate can be self-signed or signed by a certificate authority (CA).

Before you begin

Refer to Install ZooKeeper node for details.

About this task

To generate a self-signed key certificate:

Procedure

  1. Log in to the ZooKeeper server as the user who installed Sterling B2B Integrator and Global Mailbox.
  2. Use the Java™ keytool utility with the following input:
    keytool -genkeypair -alias <hostname> -keyalg RSA -keysize 2048 -dname "CN=<hostname>" -validity <days> -keypass <password> -keystore <path to keystore> -storepass <same password> -storetype JKS
    Note: The alias (-alias) and the distinguished name (-dname) must match the hostname of the machine that the certificate is associated with; otherwise, hostname verification fails.
    The generated key is in the specified keystore.
  3. Export the certificate that you created. Use the Java™ keytool utility supplied with the IBM JDK with the following input:
    keytool -exportcert -alias <hostname> -keystore <path to keystore> -file <hostname>.cer -storepass <password> -rfc
  4. Generate a key certificate for each data center.
    Important: Certificates are created with the Common Name (CN) set to the IP address of the ZK node.
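
Steps 2 and 3 wrapped in a script for one node, with a check that the exported certificate's CN equals the alias. This is an added example, not IBM's own script. The function names and the ZK_STOREPASS variable are assumptions, and it assumes a keytool that supports the `:env` password modifier (OpenJDK's does), which keeps the password off the command line.

```sh
#!/bin/sh
# Added example, not IBM's script. Function names and ZK_STOREPASS are assumptions.

# Read `keytool -printcert` output on stdin and print the CN from its Owner: line.
owner_cn() {
    sed -n 's/^Owner:.*CN=\([^,]*\).*/\1/p' | head -n 1
}

# Steps 2 and 3 for one node, then a check that the exported certificate's CN
# equals the alias. $1 = name used for -alias and CN, $2 = keystore path,
# $3 = validity in days. Runs in a subshell so the umask change stays local.
make_node_cert() (
    name=$1; keystore=$2; days=$3
    # Fail before calling keytool if the password is not provided.
    : "${ZK_STOREPASS:?set ZK_STOREPASS to the keystore password}"
    export ZK_STOREPASS
    umask 077    # the keystore holds the private key: owner-only permissions

    # :env makes keytool read the password from the environment variable, so it
    # does not appear in the process list (assumes a keytool with :env support).
    keytool -genkeypair -alias "$name" -keyalg RSA -keysize 2048 \
        -dname "CN=$name" -validity "$days" -keypass:env ZK_STOREPASS \
        -keystore "$keystore" -storepass:env ZK_STOREPASS -storetype JKS || exit 1

    keytool -exportcert -alias "$name" -keystore "$keystore" \
        -file "$name.cer" -storepass:env ZK_STOREPASS -rfc || exit 1

    cn=$(keytool -printcert -file "$name.cer" | owner_cn)
    if [ "$cn" != "$name" ]; then
        echo "CN '$cn' does not match alias '$name'" >&2
        exit 1
    fi
    echo "$name.cer: CN matches alias"
)

# Usage (constructed values):
#   ZK_STOREPASS=... make_node_cert zk1.example.com /path/to/zk1.jks 365
```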