Installing a signed certificate on the web server

To access to the Wazi Image Builder web server on your internal server, you need to install a signed certificate that is used by the web server.

To generate your own pkcs12 keystore (wibkey.p12) that contains the certificate and put the encrypted password in the server.env file, follow these steps:
  1. Check the installation directory of your installed web server. For example, /opt/ibm/wib is the default installation directory, but you can specify your own installation directory during the installation process.
  2. Run the following command to generate wibkey.p12 and put it in the <installation_directory>/wib-server/resources/security.
    openssl pkcs12 -export -out wibkey.p12 -inkey cert.key -in cert.crt -password pass:<password_value>
  3. Modify the encrypted key store password.
    1. Get the encryption key that is specified by wlp.password.encryption.key in the <installation_directory>/wib-server/bootstrap.properties; for example, /opt/ibm/wib/wib-server/bootstrap.properties
    2. Run the following command where you installed the web server.
      <installation_directory>/Liberty/bin/securityUtility encode --encoding=aes --key=<encryption_key_found_above> <password_value>
      Note: To ensure that the securityUtility command can be run successfully, the Java™ path must be set up. To set up the Java path, you need to add the JAVA_Home in the environment variable or add Java in the Path environment variable.
    3. Modify the <installation_directory>/Liberty/usr/servers/wib-server/server.env file with your encoded password value.
      POSTGRES_SERVER=xxx
         POSTGRES_PORT=5432
         POSTGRES_NAME=xxx
         POSTGRES_USER=xxx
         POSTGRES_PASSWORD=xxx
         POSTGRES_DRIVER_DIR=xxx
      
         KEYSTORE_PASSWORD={aes}AG6iTGAo/v3DbfEv+7FgNH4oaoanLomL5enZr86JiS0p