To install a signed certificate from a Certificate Authority you must obtain an SSL certificate from a CA and import it in your local keystore.
Generate a new SSL certificate.
- Create a certificate signing request by running the following command in the Java utility.
keytool -certreq -dunes -keypass "dunesdunes" -keystore "install_directory\app-server\conf\security\jssecacerts" -storepass "dunesdunes" -file certreq.csr
The utility generates a file called certreq.csr.
- (Optional) Submit the certreq.csr file to a certificate authority, such as VeriSign or Thawte.
Procedures might vary from one CA to another, but they all require a valid proof of your identity.
The CA returns a certificate that you must import.
- Import the SSL certificate into your local keystore.
- Download a root certificate from the CA that signed your certificate.
- Import the root certificate in your keystore by running the following command in the Java utility.
keytool -import -alias root -keystore "install_directory\app-server\conf\security\jssecacerts" \ -trustcacerts -file <filename_of_the_root_certificate>
- Import the SSL certificate signed by the CA (the SSL certificate must be in X509 DER format).
keytool -importcert -alias dunes -keypass "dunesdunes" -file vcoCertificate.crt -keystore "install_directory\app-server\conf\security\jssecacerts" -storepass "dunesdunes"
The SSL certificate is installed. You can change the SSL certificate for the Orchestrator configuration interface or the SSL certificate for the Orchestrator client.