To secure the Content Platform Engine server end of the communication
with another server, you need to deploy the self-signed certificate
that you generated on the other server into the keystore on the Content Platform Engine server.
Procedure
To deploy a self-signed
certificate on Content Platform Engine:
- From the command line on the IBM® Content Search Services
server, navigate to the
YourCSSfolder\bin folder.
YourCSSfolder is the folder
where you installed IBM Content Search Services.
- Export the certificate
to a file by running the following command:
keytool -export -alias YourSelfSignedAlias
-keypass YourKeyPassword -keystore selfSignedServerStore
-storepass YourStorePassword -file selfSignedCert.cer
- Copy the selfSignedCert.cer file
to a folder on the Content Platform Engine server,
for example, C:\IBM\cssKeystore.
- From the command line on the Content Platform Engine
server, navigate to the folder where you saved the
selfsignedCert.cer file.
- On the JBoss Application Server where you deployed Content Platform Engine, determine the current
configured trust keystore. For example, JBoss Application Server might be configured to
use the default Java keystore cacerts at C:\Java\jre7\lib\security\cacerts.
- Deploy
the selfsignedCert.cer file to the keystore that
you determined in the previous step by entering the following command.
If your keystore is not the default Java cacerts,
make the appropriate substitutions in the command.
keytool -import -alias YourSelfSignedAlias
-keystore C:\Java\jre7\lib\security\cacerts
-storepass YourStorePassword -file selfsignedCert.cer
- Verify
that the certificate was deployed in the keystore by entering the
following command:
keytool -list -v keystore C:\Java\jre7\lib\security\cacerts
-storepass YourStorePassword
- To perform
SSL authentication, specify the following Java system parameters on
the Content Platform Engine application
server. For more information about adding Java system parameters,
see your application server documentation. If your keystore is not
the default Java cacerts, make the appropriate
substitutions in the command.
-Djavax.net.ssl.trustStore=C:\Java\jre7\lib\security\cacerts
-Djavax.net.ssl.trustStorePassword=YourStorePassword
- Restart the Content Platform Engine instances on the application
server.