Installing a signed certificate on the web server
To access to the Wazi Image Builder web server on your internal server, you need to install a signed certificate that is used by the web server.
To generate your own pkcs12 keystore (wibkey.p12) that
contains the certificate and put the encrypted password in the server.env file,
follow these steps:
- Check the installation directory of your installed web server. For example, /opt/ibm/wib is the default installation directory, but you can specify your own installation directory during the installation process.
- Run the following command to generate wibkey.p12 and put it
in the <installation_directory>/wib-server/resources/security.
openssl pkcs12 -export -out wibkey.p12 -inkey cert.key -in cert.crt -password pass:<password_value>
- Modify the encrypted key store password.
- Get the encryption key that is specified by wlp.password.encryption.key in the <installation_directory>/wib-server/bootstrap.properties; for example, /opt/ibm/wib/wib-server/bootstrap.properties
- Run the following command where you installed the web
server.
<installation_directory>/Liberty/bin/securityUtility encode --encoding=aes --key=<encryption_key_found_above> <password_value>
Note: To ensure that thesecurityUtility
command can be run successfully, the Java™ path must be set up. To set up the Java path, you need to add the JAVA_Home in the environment variable or add Java in the Path environment variable. - Modify the <installation_directory>/Liberty/usr/servers/wib-server/server.env
file with your encoded password value.
POSTGRES_SERVER=xxx POSTGRES_PORT=5432 POSTGRES_NAME=xxx POSTGRES_USER=xxx POSTGRES_PASSWORD=xxx POSTGRES_DRIVER_DIR=xxx KEYSTORE_PASSWORD={aes}AG6iTGAo/v3DbfEv+7FgNH4oaoanLomL5enZr86JiS0p