Obtaining a Trusted Certificate

For optimal security, if users are connecting to FlexNet Manager for Engineering Applications Admin from outside your organization, you should obtain a trusted certificate from a certificate authority. A list of certificate authorities can be found in SSL Configuration HOW-TO (http://tomcat.apache.org/tomcat-5.5-doc/ssl-howto.html). Each certificate authority has its own instructions, but all require that you submit a certificate signing request (CSR) that you can generate from the test keystore using the keytool utility.

To obtain a trusted certificate:

1. First, consult your own IT department for a trusted certificate.

Sometimes an organization creates and issues its own certificates, so it is always good to check there first.

If your IT department cannot provide you with an internally created trusted certificate, proceed to the next step.

2. Generate a CSR in a file named tomcat.csr for a key pair and certificate already in a keystore called keystore in the current directory by typing the following text on a single line:

keytool -certreq -keyalg RSA -alias tomcat -file tomcat.csr -keystore keystore

3. Submit this CSR as instructed by the certificate authority you chose.
4. After you receive a trusted certificate from the certificate authority, load the certificate authority’s chain (or root) certificate (in a file named rootcrt) into the keystore used to generate the CSR. If the certificate is in a format understood by the keytool utility, type:

keytool -keystore <keystore> -import -alias root -file <rootcrt> -trustcacerts

If it is not in a format understood by the keytool utility, see SSL Configuration HOW-TO or documentation from the certificate authority.

5. After the root certificate has been loaded, load the new certificate (in a file named newcrt) into the keystore used to generate the CSR. If the certificate is in a format understood by the keytool utility, type:

keytool -keystore <keystore> -import -alias tomcat -file <newcrt> -trustcacerts

If it is not in a format understood by the keytool utility, see SSL Configuration HOW-TO or documentation from the certificate authority.
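
Steps 2 to 5 can be rehearsed end to end in a scratch directory before touching the production keystore. The script below is an added example, not part of the original documentation: a throwaway local CA stands in for the real certificate authority, and the alias ca, the file ca-keystore, the distinguished names, the password and the function names are all assumptions made for the rehearsal.

```shell
#!/bin/sh
# Added example: rehearses steps 2-5 in a scratch directory. A throwaway local
# CA (alias "ca") stands in for the real certificate authority; every name, DN
# and the password below is a constructed sample value.
PASS=changeit

# Wrapper so every keystore operation uses the scratch password.
kt() { keytool "$@" -storepass "$PASS"; }

# Prints the number of certificates in the "tomcat" chain once the reply is in.
rehearse_cert_install() (
    cd "$(mktemp -d)" || exit 1
    {
        # Stand-in CA, plus the server key pair the CSR is generated for.
        kt -genkeypair -alias ca -keyalg RSA -keysize 2048 -validity 30 \
           -dname "CN=Example Test CA" -ext bc:c \
           -keystore ca-keystore -keypass "$PASS" &&
        kt -genkeypair -alias tomcat -keyalg RSA -keysize 2048 -validity 30 \
           -dname "CN=flexnet.example.test" \
           -keystore keystore -keypass "$PASS" &&
        # Step 2: generate the CSR, then read it back before submitting it.
        kt -certreq -alias tomcat -file tomcat.csr -keystore keystore &&
        keytool -printcertreq -file tomcat.csr &&
        # Step 3 (stand-in): the CA signs the CSR and returns newcrt and rootcrt.
        kt -gencert -alias ca -infile tomcat.csr -outfile newcrt -rfc \
           -keystore ca-keystore &&
        kt -exportcert -alias ca -file rootcrt -rfc -keystore ca-keystore &&
        # Before step 4: print the root's fingerprints. With a real CA, compare
        # them with the values the CA publishes before trusting the file.
        keytool -printcert -file rootcrt &&
        # Step 4: load the root. -noprompt is for this rehearsal only; without
        # it keytool shows the certificate and asks whether to trust it.
        kt -import -alias root -file rootcrt -trustcacerts -noprompt \
           -keystore keystore &&
        # Step 5: load the reply under the same alias that produced the CSR.
        kt -import -alias tomcat -file newcrt -trustcacerts -keystore keystore
    } >&2 || exit 1
    # A chain of 2 (server certificate + root) shows the reply replaced the
    # self-signed certificate and chains to the imported root.
    kt -list -rfc -alias tomcat -keystore keystore | grep -c "BEGIN CERTIFICATE"
)

# To run the rehearsal after sourcing this file: rehearse_cert_install
```

A result of 1 instead of 2 means the alias still holds its original self-signed certificate, which is the usual sign that the reply was imported under a different alias or into a different keystore than the one that generated the CSR.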