Setting up Connect:Direct Server KeyStore

About this task

  • Certificate authentication requires a secure connection between Control Center Director and Connect:Direct server with a SSL, TLS, TLS1.1, or TLS1.2 connection.

  • Follow the steps defined in Setting up Connect:Direct Server KeyStore step 3, to generate a CA-signed certificate for Connect:Direct. After you have generated the key-certificate pair for Connect:Direct such as, server_signed.p12, follow below procedure to import key-certificate pair into Secure+.

  • Connect:Direct Agent and Connect:Direct server share a common KeyStore.

Procedure

  1. Extract the certificate in pem format. 
    keytool -importkeystore -srcalias <CERT_ALIAS> -srckeystore <KEYSTORE>  -srcstorepass
<KEYSTORE_PASSWORD> -destkeystore "server_signed.p12" -deststorepass <DEST_PASS>
-deststoretype PKCS12
  2. Use the following openssl commands to convert certificates into pem format. 
    openssl pkcs12 -clcerts -nokeys -out servercert.pem -in server_signed.p12
openssl pkcs12 -nocerts -out serverkey.pem -in server_signed.p12
cat serverkey.pem servercert.pem > server_signed.pem