To install a signed certificate from a Certificate Authority you must obtain an SSL certificate from a CA and import it in your local keystore.

Prerequisites

Generate a new SSL certificate.

Procedure

  1. Create a certificate signing request by running the following command in the Java utility.
    keytool -certreq -dunes -keypass "dunesdunes" -keystore
            "install_directory\app-server\conf\security\jssecacerts" -storepass 
            "dunesdunes" -file certreq.csr
    

    The utility generates a file called certreq.csr.

  2. (Optional) : Submit the certreq.csr file to a certificate authority, such as VeriSign or Thawte.

    Procedures might vary from one CA to another, but they all require a valid proof of your identity.

    The CA returns a certificate that you must import.

  3. Import the SSL certificate into your local keystore.
    1. Download a root certificate from the CA that signed your certificate.
    2. Import the root certificate in your keystore by running the following command in the Java utility.
      keytool -import -alias root -keystore
              "install_directory\app-server\conf\security\jssecacerts" \ 
              -trustcacerts -file <filename_of_the_root_certificate>
      
    3. Import the SSL certificate signed by the CA (the SSL certificate must be in X509 DER format).
      keytool -importcert -alias dunes -keypass "dunesdunes" -file 
               vcoCertificate.crt -keystore 
               "install_directory\app-server\conf\security\jssecacerts" -storepass "dunesdunes"
      

Results

The SSL certificate is installed. You can change the SSL certificate for the Orchestrator configuration interface or the SSL certificate for the Orchestrator client.