To secure the Content Platform Engine server end of the communication
with another server, you need to deploy the self-signed certificate
that you generated on the other server into the keystore on the Content Platform Engine server.
Procedure
To deploy a self-signed
certificate on Content Platform Engine:
- From the command line on the IBM® Content Search Services
server, navigate to the
YourCSSfolder\bin folder.
YourCSSfolder is the folder
where you installed IBM Content Search Services.
- Export the certificate
to a file by running the following command:
keytool -export -alias YourSelfSignedAlias
-keypass YourKeyPassword -keystore selfSignedServerStore
-storepass YourStorePassword -file selfSignedCert.cer
- Copy the selfSignedCert.cer file
to a folder on the Content Platform Engine server,
for example, C:\IBM\cssKeystore.
- From the command line on the Content Platform Engine
server, navigate to the folder where you saved the
selfsignedCert.cer file.
- On the WebLogic Server application server where
you deployed Content Platform Engine,
determine the current configured trust keystore. For example, WebLogic Server might be configured to
use DemoTrust (DemoTrust.jks) by default. (Note
that Oracle does not recommend using DemoTrust in a production environment.)
- Deploy the selfsignedCert.cer file
to the keystore that you determined in the previous step by entering
the following command. (If your keystore is not DemoTrust, or if you
are not using WebLogic Server 10.3
on a Windows platform, make
the appropriate substitutions in the command.)
keytool -import -alias YourSelfSignedAlias
-keystore C:\Oracle\Middeleware\WLserver_10.3\
server\lib\DemoTrust.jks -storepass YourStorePassword
-file selfsignedCert.cer
- Verify that the
certificate was deployed in the keystore by entering the following
command:
keytool -list -v keystore selfsignedCaStore
-storepass YourStorePassword
- To perform SSL
authentication, specify the following Java™ system
parameters on the Content Platform Engine application
server. For more information about adding Java system parameters, see your application
server documentation. (If your keystore is not DemoTrust, or you are
not using WebLogic 10.3 on a Windows platform,
make the appropriate parameter substitution.)
-Djavax.net.ssl.trustStore=C:\Oracle\Middleware\WLserver_10.3\
server\lib\DemoTrust.jks
-Djavax.net.ssl.trustStorePassword=YourStorePassword
- Restart the Content Platform Engine instances on the application
server.