FileNet P8 Content Search Engine, Version 5.2.1       Application server:  JBOSS Application Server   Operating systems:  AIX, Linux, Linux on System z, Solaris, Windows

Deploying a self-signed certificate on the Content Platform Engine server (JBoss Application Server)

To secure the Content Platform Engine server end of the communication with another server, you need to deploy the self-signed certificate that you generated on the other server into the keystore on the Content Platform Engine server.

Procedure

To deploy a self-signed certificate on Content Platform Engine:

  1. From the command line on the IBM® Content Search Services server, navigate to the YourCSSfolder\bin folder. YourCSSfolder is the folder where you installed IBM Content Search Services.
  2. Export the certificate to a file by running the following command:
    keytool -export -alias YourSelfSignedAlias
    -keypass YourKeyPassword -keystore selfSignedServerStore
    -storepass YourStorePassword -file selfSignedCert.cer
  3. Copy the selfSignedCert.cer file to a folder on the Content Platform Engine server, for example, C:\IBM\cssKeystore.
  4. From the command line on the Content Platform Engine server, navigate to the folder where you saved the selfsignedCert.cer file.
  5. On the JBoss Application Server where you deployed Content Platform Engine, determine the current configured trust keystore. For example, JBoss Application Server might be configured to use the default Java keystore cacerts at C:\Java\jre7\lib\security\cacerts.
  6. Deploy the selfsignedCert.cer file to the keystore that you determined in the previous step by entering the following command. If your keystore is not the default Java cacerts, make the appropriate substitutions in the command.
    keytool -import -alias YourSelfSignedAlias 
    -keystore C:\Java\jre7\lib\security\cacerts 
    -storepass YourStorePassword -file selfsignedCert.cer
  7. Verify that the certificate was deployed in the keystore by entering the following command:
    keytool -list -v keystore C:\Java\jre7\lib\security\cacerts 
    -storepass YourStorePassword
  8. To perform SSL authentication, specify the following Java system parameters on the Content Platform Engine application server. For more information about adding Java system parameters, see your application server documentation. If your keystore is not the default Java cacerts, make the appropriate substitutions in the command.
    -Djavax.net.ssl.trustStore=C:\Java\jre7\lib\security\cacerts
    -Djavax.net.ssl.trustStorePassword=YourStorePassword
  9. Restart the Content Platform Engine instances on the application server.


Last updated: October 2015
p8pin347.htm

© Copyright IBM Corporation 2013, 2015.