FileNet P8 Content Search Engine,             Operating systems:  AIX, Linux, Linux on System z, Solaris, Windows

Deploying a third-party certificate on the IBM Content Search Services server

You can deploy a third-party certificate to the keystore on the IBM® Content Search Services server to secure its communication with Content Platform Engine. If you deploy a third-party certificate, you do not need to deploy a self-signed certificate.

Procedure

To deploy a third-party certificate:

  1. Stop the IBM Content Search Services server if it is running.
  2. From the command line on the server, set the path to your JRE\bin directory. For example, set the path by entering the following command:
    set PATH=C:\YourJRE\bin;%PATH%
  3. Navigate to the folder YourCSSFolder\bin. YourCSSfolder is the folder where you installed IBM Content Search Services. For example, YourCSSfolder might be C:\Program Files\IBM\Content Search Services\CSS Server.
  4. Generate a third-party server certificate by entering one of the following commands, depending on the application server type:
    • WebSphere® Application Server:
      keytool -genkey -alias YourThirdPartyAlias
      -keypass YourKeyPassword -keystore thirdPartyServerStore
      -storepass YourStorePassword -validity NumberOfDays
      -dname "CN=YourHostName, OU=Unknown, O=Unknown,
      L=Unknown, ST=Unknown, C=Unknown"
    • WebLogic Server
      keytool -genkey -alias YourThirdPartyAlias
      -keypass YourKeyPassword -keystore thirdPartyServerStore
      -storepass YourStorePassword -validity NumberOfDays
      -dname "CN=YourHostName, OU=Unknown, O=Unknown,
      L=Unknown, ST=Unknown, C=Unknown" -keyalg RSA
    • JBoss Application Server:
      keytool -genkey -alias YourThirdPartyAlias
      -keypass YourKeyPassword -keystore thirdPartyServerStore
      -storepass YourStorePassword -validity NumberOfDays
      -dname "CN=YourHostName, OU=Unknown
      O=Unknown, L=Unknown, ST=Unknown, C=Unknown" -keyalg RSA
    Restriction: If you plan to verify the host name later, you must include the -dname parameter in the command:
    -dname "CN=YourHostName,OU=Unknown,
    O=Unknown, L=Unknown, ST=Unknown, C=Unknown"

    In the following example of this command, the application server type is WebSphere Application Server, the keystore password and the certificate password are changeit, the certificate valid time is 3650 days (10 years), and the host name is Host1:

    keytool -genkey -alias YourThirdPartyAlias
    -keypass changeit -keystore thirdPartyServerStore
    -storepass changeit -validity 3650
    -dname "CN=Host1, OU=Unknown, O=Unknown,
    L=Unknown, ST=Unknown, C=Unknown"
  5. Verify that the certificate was created in the keystore by entering the following command:
    keytool -list -v -keystore thirdPartyServerStore -storepass YourStorePassword
  6. Generate a certificate request, by entering the following command:
    keytool -certreq -alias YourThirdPartyAlias -keypass YourKeyPassword
    -keystore thirdPartyServerStore -storepass YourStorePassword
     -dname "CN=YourHostName, OU=Unknown, O=Unknown, L=Unknown,
     ST=Unknown, C=Unknown" -file certRequest.txt
  7. Go to a Certificate Authority (CA) website and use this request to get a server certificate.
  8. Save the server certificate on the IBM Content Search Services server in the YourCSSfolder\bin directory. For example, save the certificate file as certnew.p7b.
  9. From the command line on the IBM Content Search Services server, navigate to the YourCSSfolder\bin folder.
  10. Import the certificate to keystore thirdPartyServerStore, by entering the following command:
    keytool -import -alias YourThirdPartyAlias -keystore thirdPartyServerStore 
    -storepass YourStorePassword -file certnew.p7b
  11. Verify that the certificate was imported in the keystore by entering the following command:
    keytool -list -v -keystore thirdPartyServerStore -storepass YourStorePassword
  12. Deploy the keystore by entering the following command:
    configTool.bat set -system -configPath YourCSSfolder\config
    -keyStoreName PathToYourKeyStore\thirdPartyServerStore
    -keyStorePassword YourStorePassword

    In the following example of this command, YourCSSfolder is C:\Program Files\IBM\Content Search Services\CSS Server, PathToYourKeyStore is C:\Program Files\IBM\Content Search Services\CSS Server\bin, and YourStorePassword is changeit:

    configTool.bat set -system
    -configPath "C:\Program Files\IBM\Content Search Services\CSS Server\config"
    -keyStoreName "C:\Program Files\IBM\Content Search Services\CSS Server\
    bin\thirdPartyServerStore" -keyStorePassword changeit
  13. Start the IBM Content Search Services server.


Last updated: October 2015
p8pin352.htm

© Copyright IBM Corporation 2013, 2015.