To install a certificate in BigFix® Remote Control, you can either use an existing P12 or JKS keystore or import an existing certificate into the existing keystore.
About this task
Any changes that are made to the certificate configuration are overwritten if you reinstall or upgrade the BigFix® Remote Control server.
Choose the appropriate method to install a certificate for BigFix® Remote Control.
You can also configure the SSL certificate by using the server installer. For more information about configuring the SSL certificate during installation, see the BigFix® Remote Control Installation Guide.
Procedure
- To use an existing keystore, complete the following steps:
  - Edit the ssl.xml file.
  - Locate the <keystore/> parameter. Set appropriate values for your certificate keystore.
    - ID: The default value is defaultKeyStore. You can change the value to an ID of your choice or keep the default value.
    - Password: The default value is TrCWebAS. Replace the password with the password for the existing certificate store. You can enter the password in plain text, or encode the password by using the securityUtility tool. Use the following command to encode your password. For example, on a Windows™ system use securityUtility.bat.
      [installdir]\wlp\bin\securityUtility encode
      Where [installdir] is the BigFix® Remote Control server installation directory. Enter your password. Use the generated string for the password parameter.
    - Location: Enter the absolute path to the existing keystore. The value can be the path to a jks file or a p12 file.
    - Type: Determines the type of keystore file. If you are using a p12 file, use PKCS12. If you are using a jks file, you do not need to define a type value.
  - Save the file.
  - Restart the BigFix® Remote Control server.
- To generate a signed certificate, complete the following steps:
  - Open a command line window.
  - Go to the BigFix® Remote Control installation directory.
  - Change to the java\jre\bin subdirectory on a Windows™ system or the java/jre/bin subdirectory on a Linux™ system.
  - Run ikeyman.sh on a Linux™ system or ikeyman.exe on a Windows™ system.
  - In the GUI window, select .
  - Go to the [installdir]/wlp/usr/servers/trcserver/resources/security directory, where [installdir] is the BigFix® Remote Control installation directory.
  - Select key.jks. This file is the default keystore.
  - Click open.
  - Enter the password TrCWebAS.
  - Complete the appropriate procedure to install the certificate.
    - Create a certificate request
      - Select .
      - Provide a Key Label name. The name is displayed in the GUI.
      - Type in any additional information.
      - Click OK.
      - A certreq.arm file is generated and saved to the location specified. This file must be sent to the certificate authority to be signed and a cert.arm file is returned.
      - When you receive the signed certificate, select Receive.
      - Browse to your cert.arm signed file.
      - Click OK.
    - Externally sign the existing certificate
      - Select Recreate Request.
      - A certreq.arm file is generated and saved to the location specified. This file must be sent to the certificate authority to be signed and a cert.arm file is returned.
      - When you receive the signed certificate, select Receive.
      - Browse to your cert.arm signed file.
      - Click OK.
  - You can see a second certificate listed. Delete the default certificate.
  - Save and overwrite the key.jks file. When you are prompted for the password, type TrCWebAS.
  - Restart the server. The https port is signed with the correct certificate.
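The keystore values set in the "use an existing keystore" steps can be checked before the server is restarted. The following Python check is an added example, not part of the BigFix® documentation or product: it reads an ssl.xml document and reports a keystore that still uses the default password, stores the password in plain text, has a relative location, or has a type that does not match the file. It assumes the attribute names id, password, location and type, and that securityUtility output starts with {xor} or {aes}, where {xor} is base64 of each byte XORed with '_'; the sample ssl.xml is constructed.

```python
import base64
import ntpath
import posixpath
import xml.etree.ElementTree as ET

DEFAULT_PASSWORD = "TrCWebAS"  # default keystore password stated on this page

def decode_xor(value: str) -> str:
    """Undo {xor} encoding (assumption: base64 of each byte XORed with '_')."""
    raw = base64.b64decode(value[len("{xor}"):])
    return bytes(b ^ 0x5F for b in raw).decode("utf-8", "replace")

def lint_keystores(ssl_xml: str) -> list[str]:
    """Return one finding per problem in each keystore element of ssl.xml."""
    findings = []
    # The page writes <keystore/>; match tag and attribute names case-insensitively.
    stores = [e for e in ET.fromstring(ssl_xml).iter() if e.tag.lower() == "keystore"]
    for ks in stores:
        attrs = {k.lower(): v for k, v in ks.attrib.items()}
        ksid = attrs.get("id", "(no id)")
        password = attrs.get("password", "")
        location = attrs.get("location", "")
        kstype = attrs.get("type", "").upper()
        if password.startswith("{xor}"):
            clear = decode_xor(password)
        elif password.startswith("{aes}"):
            clear = None  # cannot be compared here; accepted as encoded
        else:
            clear = password
            findings.append(f"{ksid}: password is stored in plain text")
        if clear == DEFAULT_PASSWORD:
            findings.append(f"{ksid}: password is still the default")
        if not (posixpath.isabs(location) or ntpath.isabs(location)):
            findings.append(f"{ksid}: location is not an absolute path")
        suffix = location.lower().rpartition(".")[2]
        if suffix == "p12" and kstype != "PKCS12":
            findings.append(f"{ksid}: a p12 file needs type PKCS12")
        if suffix == "jks" and kstype not in ("", "JKS"):
            findings.append(f"{ksid}: type {kstype} does not match a jks file")
    return findings

# Constructed sample for illustration, not taken from a real installation.
SAMPLE = """<server>
  <keyStore id="defaultKeyStore" password="TrCWebAS" location="resources/security/server.p12"/>
</server>"""

if __name__ == "__main__":
    for finding in lint_keystores(SAMPLE):
        print(finding)
```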