Generate Certificate on Admin server
Generate Certificate on Admin server by following the below steps
|
1.
|
Install or locate a Java JVM. Verify that the keytool utility is accessible at the command line. |
|
2.
|
Change directory to a directory outside of the application where you wish to put the new keystore file. |
|
3.
|
Generate a simple key pair and non-trusted certificate into a keystore file in the current directory named admin by typing the following: |
keytool -keystore admin -storepass "flexnet" -genkeypair -alias "tomcat" -keyalg RSA -validity 7300 -keypass "flexnet" -dname "CN={Admin Server FQDN},OU=IT,O=test,L=test,S=test,C=test" -ext "SAN=dns:{Admin Server DNS Alias}" -keysize 2048
|
4.
|
Run the following command to generate a certficate signing request.
keytool.exe -keystore admin -certreq -keyalg RSA -alias tomcat -file "admin.csr" |
Note:The instructions for submitting a request to the Certification Authority to sign the Admin Server certificate are not detailed here as they may vary. Typically, you will need to provide the following minimal information in the request:
The Certification Authority will provide you with a signed copy of the Admin Server certificate in DER X.509 Base 64 encoded text.When saving the file choose ANSI encoding.
|
5.
|
we get a .p7b certificate chain of root, intermediate and server certificates, Copy this text into a new text file using notepad and save it to admin_signed.cer. When saving the file choose ANSI encoding. |
|
6.
|
Extract the root CA certificate |
Double click on the admin_signed.cer
The certificate properties dialog for the Admin Server certificate will be opened.
|
a.
|
In the Certification Path tab select the root certificate |
|
b.
|
Click on the View Certificate button to open the root certificate |
|
c.
|
In the Details tab of the root certificate choose Copy to File |
|
d.
|
Follow the Certificate Export Wizard prompts to save the root certificate as follows: |
Base-64 encoded X.509 (.CER)
File Path: admin_root.cer
|
7.
|
Extract the intermediate CA certificate: |
Double click on the admin_signed.cer
The certificate properties dialog for the Admin Server certificate will be opened.
|
e.
|
In the Certification Path tab select the intermediate certificate |
|
f.
|
Click on the View Certificate button to open the intermediate certificate |
|
g.
|
In the Details tab of the intermediate certificate choose Copy to File |
|
h.
|
Follow the Certificate Export Wizard prompts to save the intermediate certificate as follows: |
Base-64 encoded X.509 (.CER)
File Path: admin_intermediate.cer
|
8.
|
Extract the intermediate Server certificate: |
Double click on the admin_signed.cer
The certificate properties dialog for the Admin Server certificate will be opened.
|
i.
|
In the Certification Path tab select the server certificate |
|
j.
|
Click on the View Certificate button to open the intermediate certificate |
|
k.
|
In the Details tab of the server certificate choose Copy to File |
|
l.
|
Follow the Certificate Export Wizard prompts to save the server certificate as follows: |
Base-64 encoded X.509 (.CER)
File Path: admin_server.cer