Obtaining a Trusted Certificate

For optimal security, if users are connecting to FlexNet Manager for Engineering Applications from outside your organization, you should obtain a trusted certificate from a certificate authority. A list of certificate authorities can be found in SSL Configuration HOW-TO. Each certificate authority has its own instructions, but all require that you submit a certificate signing request (CSR) that you can generate from the test keystore using the keytool utility.

To obtain a trusted certificate:

1.

Generate a CSR in a file named p.csr for a key pair and certificate already in a keystore called keystore in the current directory by typing the following text:

keytool -certreq -keyalg RSA -alias tomcat -file tomcat.csr
-keystore keystore

2.

Submit this CSR as instructed by the certificate authority you chose.

3.

After you receive a trusted certificate from the certificate authority, load the certificate authority’s chain (or root) certificate (in a file named rootcrt) into the keystore used to generate the CSR. If the certificate is in a format understood by the keytool utility, type the following:

keytool -keystore <keystore> -import -alias root -file <rootcrt> -trustcacerts

If it is not in a format understood by the keytool utility, see SSL Configuration HOW-TO or documentation from the certificate authority.

4.

After the root certificate has been loaded, load the new certificate (in a file named newcrt) into the keystore used to generate the CSR. If the certificate is in a format understood by the keytool utility, type:

keytool -keystore <keystore> -import -alias tomcat -file <newcrt> -trustcacerts

If it is not in a format understood by the keytool utility, see SSL Configuration HOW-TO or documentation from the certificate authority.