Installing a signed certificate on the web server

To access to the ZD&T Enterprise Edition web server on your internal server, you need to install a signed certificate that is used by the web server.

To generate your own pkcs12 keystore (zdtkey.p12) that contains the certificate and put the encrypted password in the server.env file, follow these steps:
  1. Check the installation directory of your installed web server. For example, /opt/ibm/zdt is the default installation directory, but you can specify your own installation directory during the installation process.
  2. Run the following command to generate zdtkey.p12 and put it in the [installation directory]/zdt-server/resources/security.
    openssl pkcs12 -export -out zdtkey.p12 -inkey cert.key -in cert.crt -password pass:$passcert
  3. Modify the encrypted key store password.
    1. Get the encryption key that is specified by wlp.password.encryption.key in the [installation directory]/zdt-server/; for example, /opt/ibm/zdt/zdt-server/
    2. Run the following command where you installed the web server.
      [installation directory]/Liberty/bin/securityUtility encode --encoding=aes --key=<encryption_key_found_above> <password value>
      Note: To ensure that the securityUtility command can be run successfully, the Java™ path must be set up. To set up the Java path, you need to add the JAVA_Home in the environment variable or add Java in the Path environment variable.
    3. Modify the [installation directory]/Liberty/usr/servers/zdt-server/server.env file with your encoded password value.