You can deploy
a self-signed certificate to the keystore on the IBM® Content Search Services server to secure its
communication with Content Platform Engine.
If you deploy a self-signed certificate, you do not need to deploy
a third-party certificate.
Procedure
To deploy a self-signed
certificate:
- Stop the IBM Content Search Services server if it is running.
- From the command line on the server, set the path to your
JRE\bin directory. For
example, set the path by entering the following command:
set PATH=C:\YourJRE\bin;%PATH%
- Navigate to the
folder YourCSSFolder\bin. YourCSSfolder is
the folder where you installed IBM Content Search Services. For example, YourCSSfolder might
be C:\Program Files\IBM\Content Search Services\CSS Server.
- Generate a self-signed
server certificate by entering one of the following commands, depending
on the type of the application server where Content Platform Engine is deployed:
- WebSphere® Application
Server:
keytool -genkey -alias YourSelfSignedAlias
-keypass YourKeyPassword -keystore selfSignedServerStore
-storepass YourStorePassword -validity NumberOfDays
-dname "CN=YourHostName, OU=Unknown,
O=Unknown, L=Unknown, ST=Unknown, C=Unknown"
- WebLogic Server:
keytool -genkey -alias YourSelfSignedAlias
-keypass YourKeyPassword -keystore selfSignedServerStore
-storepass YourStorePassword -validity NumberOfDays
-dname "CN=YourHostName, OU=Unknown,
O=Unknown, L=Unknown, ST=Unknown, C=Unknown" -keyalg RSA
- JBoss Application Server:
keytool -genkey -alias YourSelfSignedAlias
-keypass YourKeyPassword -keystore selfSignedServerStore
-storepass YourStorePassword -validity NumberOfDays
-dname "CN=YourHostName, OU=Unknown
O=Unknown, L=Unknown, ST=Unknown, C=Unknown" -keyalg RSA
Restriction: If you plan to verify the host name later, you
must include the
-dname parameter in the command:
-dname "CN=YourHostName,OU=Unknown,
O=Unknown, L=Unknown, ST=Unknown, C=Unknown"
In
the following example of this command, the application server type
is WebSphere Application
Server, the keystore
password and the certificate password are changeit,
the certificate valid time is 3650 days (10
years), and the host name is Host1:
keytool -genkey -alias YourSelfSignedAlias
-keypass changeit -keystore selfsignedServerStore
-storepass changeit -validity 3650
-dname "CN=Host1, OU=Unknown,
O=Unknown, L=Unknown, ST=Unknown, C=Unknown"
- Verify that the
certificate was created in the keystore by entering the following
command:
keytool -list -v -keystore selfsignedServerStore -storepass YourStorePassword
- Deploy the keystore
by entering the following command:
configTool.bat set -system -configPath YourCSSfolder\config
-keyStoreName PathToYourKeyStore\selfsignedServerStore
-keyStorePassword YourStorePassword
In the following example
of this command, YourCSSfolder is C:\Program
Files\IBM\Content Search Services\CSS Server, PathToYourKeyStore is C:\Program
Files\IBM\Content Search Services\CSS Server\bin, and YourStorePassword is changeit:
configTool.bat set -system
-configPath "C:\Program Files\IBM\Content Search Services\CSS Server\config"
-keyStoreName "C:\Program Files\IBM\Content Search Services\CSS Server\
bin\selfsignedServerStore" -keyStorePassword changeit
- Start the IBM Content Search Services server.