Secure Web Server Certificates
The SDX software uses the strong encryption provided by the Secure Sockets Layer (SSL) protocol to secure the SAE against unauthorized access. To support SSL, you must obtain an authorized site certificate for your SSL-supported SAE installation. A dummy certificate is provided with the installation; you must replace it with a real certificate.
- Access the SAE installation directory.
  cd /opt/UMC/ssp
- Remove the dummy certificate.
  rm -f lib/jetty/saeKeystore
- Generate a new self-signed certificate.
  ../jre/bin/keytool -genkey -keyalg RSA -keystore lib/jetty/saeKeystore -keypass saejetty -storepass saejetty -alias sae -dname <DN> -validity 365
The indicated -keystore, -keypass, -storepass, and -alias values are required.
Replace <DN> with the distinguished name that identifies your HTTPS server. For example, if XYM Corp in Canada has an HTTPS server with a hostname of ssp1.domain.org, then the DN might be the following:
  "cn=ssp1.domain.org, o=XYM Corp, c=CA"
Be sure to include the quotation marks. For complete documentation of the Java keytool, see:
http://java.sun.com/j2se/1.4.1/docs/tooldocs/solaris/keytool.html
- Create a certificate signing request (CSR).
  ../jre/bin/keytool -certreq -alias sae -file server.csr -keypass saejetty -keystore lib/jetty/saeKeystore -storepass saejetty
The CSR is placed in the server.csr file.
- Send the CSR from the file /opt/UMC/ssp/server.csr for signing to a certificate authority (CA), such as one of the following commonly used authorities:
  - Entrust Technologies, Inc. (http://www.entrust.net)
  - VeriSign, Inc. (http://www.verisign.com)
The CA will authenticate you and return a certificate, signed by them, that authenticates your public key.
- Import the signed certificate into the keystore.
  /opt/UMC/jre/bin/keytool -import -alias sae -file server.crt -keypass saejetty -noprompt -trustcacerts -keystore lib/jetty/saeKeystore -storepass saejetty
- Install the signed certificate in the certificate file /opt/UMC/ssp/httpd/conf/ssl.crt/server.crt.
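A check to run after the import step, given here as an added example that is not part of the original documentation: it reads "keytool -list -v" output and reports whether the sae entry is still self-signed or now carries a CA-issued certificate. The listings embedded in it are constructed samples, "Example CA" is a placeholder issuer, and English-language keytool output is assumed.

```shell
#!/bin/sh
# Added example (not from the SDX documentation).
# check_sae_entry ALIAS reads "keytool -list -v" output on stdin and prints:
#   missing      no entry with that alias
#   self-signed  Owner equals Issuer on the entry's first certificate
#   ca-signed    Owner differs from Issuer (the CA reply was imported)
check_sae_entry() {
    awk -v want="$1" '
        /^Alias name: / { current = substr($0, 13); next }
        current != want { next }
        /^Owner: /  && owner == "" { owner = substr($0, 8); next }
        /^Issuer: / && owner != "" && issuer == "" { issuer = substr($0, 9) }
        END {
            if (owner == "" || issuer == "") print "missing"
            else if (owner == issuer)        print "self-signed"
            else                             print "ca-signed"
        }'
}

# Constructed sample: listing right after "keytool -genkey".
sample_before() {
cat <<'EOF'
Alias name: sae
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=ssp1.domain.org, O=XYM Corp, C=CA
Issuer: CN=ssp1.domain.org, O=XYM Corp, C=CA
EOF
}

# Constructed sample: listing after the CA reply is imported (placeholder CA).
sample_after() {
cat <<'EOF'
Alias name: sae
Entry type: PrivateKeyEntry
Certificate chain length: 2
Certificate[1]:
Owner: CN=ssp1.domain.org, O=XYM Corp, C=CA
Issuer: CN=Example CA, O=Example Trust, C=CA
Certificate[2]:
Owner: CN=Example CA, O=Example Trust, C=CA
Issuer: CN=Example CA, O=Example Trust, C=CA
EOF
}

sample_before | check_sae_entry sae
sample_after  | check_sae_entry sae
```

Against the real keystore, run from /opt/UMC/ssp: ../jre/bin/keytool -list -v -keystore lib/jetty/saeKeystore -storepass saejetty | check_sae_entry sae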