To secure
the Content Platform Engine server
end of the communication with another server, you need to deploy the
third-party certificate that you generated on the other server into
the keystore on the Content Platform Engine server.
Procedure
To deploy a third-party
certificate on Content Platform Engine:
- Download a CA
certificate from the certificate authority (CA) website and save it
as cssThirdPartyCA.cer in any folder on the Content Platform Engine server, such as C:\IBM\cssKeystore.
- From the command line on the Content Platform Engine
server, navigate to the folder where you saved the
cssThirdPartyCA.cer file.
- On the JBoss Application Server where you deployed Content Platform Engine, determine the current
configured trust keystore. For example, JBoss Application Server might be configured to
use the default Java keystore cacerts at C:\Java\jre7\lib\security\cacerts.
- Deploy
the cssThirdPartyCA.cer file to the keystore
that you determined in the previous step by entering the following
command. If your keystore is not the default Java cacerts,
make the appropriate substitutions in the command.
keytool -import -alias YourThirdPartyAlias
-keystore C:\Java\jre7\lib\security\cacerts
-storepass YourStorePassword -file cssThirdPartyCA.cer
- Verify
that the certificate was deployed in the keystore by entering the
following command:
keytool -list -v keystore C:\Java\jre7\lib\security\cacerts
-storepass YourStorePassword
- To perform
SSL authentication, specify the following Java system parameters on
the Content Platform Engine application
server. For more information about adding Java system parameters,
see your application server documentation. If your keystore is not
the default Java cacerts, make the appropriate
substitutions in the command.
-Djavax.net.ssl.trustStore=C:\Java\jre7\lib\security\cacerts
-Djavax.net.ssl.trustStorePassword=YourStorePassword
- Restart the Content Platform Engine instances on the application
server.