Using an existing keystore
You can change the default certificate by installing your own certificate keystore. You can either use a P12 or JKS keystore.
Procedure
- Edit the ssl.xml file.
-
Locate the <keystore/> parameter. Set appropriate
values for your certificate keystore.
- ID
- The default value is defaultKeyStore. You can change the value to an ID of your choice or keep the default value.
- Password
-
To apply custom certificate properly using AES-encoded password, do the following:
- Ensure the server is stopped.
- Open the [installdir]\tools\env\env.xml file.
- Copy the value reported in the value property of the
wlp.password.encryption.key
variable.
For example: From
<variable name="wlp.password.encryption.key" value="8f7008648eb308479c88f388e82000209a26" />,
copy 8f7008648eb308479c88f388e82000209a26 -
Run the following commands:
[installdir]\wlp\bin\securityUtility.bat encode --encoding=aes --key=<encryption_key>
where <encryption_key> is the value copied in the previous step.Note: On Linux, the securityUtility tool does not have the .bat extension. Therefore, use securityUtility instead of securityUtility.bat. - Insert twice the password to be encrypted.
- Manually copy the resulting encrypted password in the XML
file in
[installdir]\wlp\usr\servers\trcserver\ssl.xmlNote: The encrypted password starts with "{aes}". For example,
{aes}AFLSwk76PovVwmQlVCULHEkkkzRqPUgLoZVy33sMxPZf)
- Restart the server.
- Location
- Enter the absolute path to the existing keystore. The value can be the path to a jks file or a p12 file.
- Type
- Determines the type of keystore file. If you are using a p12 file use PKCS12. If you are using a jks file, you do not need to define a type value.
- Save the file.
- Restart the Remote Control server.