Installing a signed certificate on the web server
To access to the ZD&T Enterprise Edition web server on your internal server, you need to install a signed certificate that is used by the web server.
To generate your own pkcs12 keystore (zdtkey.p12) that
contains the certificate and put the encrypted password in the server.env file,
follow these steps:
- Check the installation directory of your installed web server. For example, /opt/ibm/zdt is the default installation directory, but you can specify your own installation directory during the installation process.
- Run the following command to generate zdtkey.p12 and put it
in the [installation
directory]/zdt-server/resources/security.
openssl pkcs12 -export -out zdtkey.p12 -inkey cert.key -in cert.crt -password pass:$passcert - Modify the encrypted key store password.
- Get the encryption key that is specified by wlp.password.encryption.key in the [installation directory]/zdt-server/bootstrap.properties; for example, /opt/ibm/zdt/zdt-server/bootstrap.properties
- Run the following command where you installed the web
server.
[installation directory]/Liberty/bin/securityUtility encode --encoding=aes --key=<encryption_key_found_above> <password value>Note: To ensure that thesecurityUtilitycommand can be run successfully, the Java™ path must be set up. To set up the Java path, you need to add the JAVA_Home in the environment variable or add Java in the Path environment variable. - Modify the [installation
directory]/Liberty/usr/servers/zdt-server/server.env
file with your encoded password value.
POSTGRES_SERVER=xxx POSTGRES_PORT=5432 POSTGRES_NAME=xxx POSTGRES_USER=xxx POSTGRES_PASSWORD=xxx POSTGRES_DRIVER_DIR=xxx KEYSTORE_PASSWORD={aes}AG6iTGAo/v3DbfEv+7FgNH4oaoanLomL5enZr86JiS0p