White Papers
Abstract
Generating a self-signed SSL certificate using the OpenSSL
Content
1) Write down the Common Name (CN) for your SSL Certificate. The CN is the fully qualified name for the system that uses the certificate. For static DNS, use the hostname or IP address set in your Gateway Cluster (for example. 192.16.183.131 or dp1.acme.com).
2) Run the following OpenSSL command to generate your private key and public certificate. Answer the questions and enter the Common Name when prompted.
openssl req -newkey rsa:2048 -nodes -keyout key.pem -x509 -days 365 -out certificate.pem
3) Combine your key and certificate in a PKCS#12 (P12) bundle:
openssl pkcs12 -inkey key.pem -in certificate.pem -export -out certificate.p12
Enter Export Password:
Verifying - Enter Export Password:
4) Insert this key into the ssl.server.jks keystore
./ikeycmd -cert -import -db <sourceKeystore> -target <CDWS_Keystore> -target_pw <CDWS_KeystorePassword> -label <Certificate_Alias_Name> -pw <sourceKeystorePassword>
<sourceKeystorePassword> value should match the Export password supplied
e.g -
./ikeycmd -cert -import -db /home/test1/MFTWebServices/mftws/BOOT-INF/classes/certificate.p12 -target /home/test1/MFTWebServices/mftws/BOOT-INF/classes/ssl-server.jks -target_pw qwerty1 -label cert_alias -pw qwerty1
5) Edit application.properties file and change the value of server.ssl.key-alias property with Certificate Label to be used by Connect: Direct Web Services.
6) stop and start web service.
Was this topic helpful?
Document Information
More support for:
IBM Sterling Connect:Direct Web Services
Component:
CD WEBSERVICES
Software version:
All Versions
Operating system(s):
Linux
Document number:
6537896
Modified date:
03 January 2022
UID
ibm16537896