You can deploy a third-party certificate to the keystore on the IBM® Content Search Services server to secure its communication with Content Platform Engine. If you deploy a third-party certificate, you do not need to deploy a self-signed certificate.
To deploy a third-party certificate:
set PATH=C:\YourJRE\bin;%PATH%
keytool -genkey -alias YourThirdPartyAlias
-keypass YourKeyPassword -keystore thirdPartyServerStore
-storepass YourStorePassword -validity NumberOfDays
-dname "CN=YourHostName, OU=Unknown, O=Unknown,
L=Unknown, ST=Unknown, C=Unknown"
keytool -genkey -alias YourThirdPartyAlias
-keypass YourKeyPassword -keystore thirdPartyServerStore
-storepass YourStorePassword -validity NumberOfDays
-dname "CN=YourHostName, OU=Unknown, O=Unknown,
L=Unknown, ST=Unknown, C=Unknown" -keyalg RSA
keytool -genkey -alias YourThirdPartyAlias
-keypass YourKeyPassword -keystore thirdPartyServerStore
-storepass YourStorePassword -validity NumberOfDays
-dname "CN=YourHostName, OU=Unknown
O=Unknown, L=Unknown, ST=Unknown, C=Unknown" -keyalg RSA
-dname "CN=YourHostName,OU=Unknown,
O=Unknown, L=Unknown, ST=Unknown, C=Unknown"
In the following example of this command, the application server type is WebSphere Application Server, the keystore password and the certificate password are changeit, the certificate valid time is 3650 days (10 years), and the host name is Host1:
keytool -genkey -alias YourThirdPartyAlias
-keypass changeit -keystore thirdPartyServerStore
-storepass changeit -validity 3650
-dname "CN=Host1, OU=Unknown, O=Unknown,
L=Unknown, ST=Unknown, C=Unknown"
keytool -list -v -keystore thirdPartyServerStore -storepass YourStorePassword
keytool -certreq -alias YourThirdPartyAlias -keypass YourKeyPassword
-keystore thirdPartyServerStore -storepass YourStorePassword
-dname "CN=YourHostName, OU=Unknown, O=Unknown, L=Unknown,
ST=Unknown, C=Unknown" -file certRequest.txt
keytool -import -alias YourThirdPartyAlias -keystore thirdPartyServerStore
-storepass YourStorePassword -file certnew.p7b
keytool -list -v -keystore thirdPartyServerStore -storepass YourStorePassword
configTool.bat set -system -configPath YourCSSfolder\config
-keyStoreName PathToYourKeyStore\thirdPartyServerStore
-keyStorePassword YourStorePassword
In the following example of this command, YourCSSfolder is C:\Program Files\IBM\Content Search Services\CSS Server, PathToYourKeyStore is C:\Program Files\IBM\Content Search Services\CSS Server\bin, and YourStorePassword is changeit:
configTool.bat set -system
-configPath "C:\Program Files\IBM\Content Search Services\CSS Server\config"
-keyStoreName "C:\Program Files\IBM\Content Search Services\CSS Server\
bin\thirdPartyServerStore" -keyStorePassword changeit