Step 4: Add the Web server's certificate to the Java keyring (Java 2 clients only).
This step only applies to Certificate-based Web Express Logon. If you are not using client certificates to authenticate users to a secure Web server, skip to the next step.
For Java 2 clients, if the Web server's certificate is self-signed or has not been issued by a trusted Certificate Authority (CA), you must add the Web server's certificate to the Java keyring in order for clients to make secure HTTPS connections to the Web server.
To add the certificate to the keyring for Java 2 clients, take
the following steps:
- Open a Windows command prompt and input the following command.
Note that the syntax of the command remains the same, regardless of
the location of the library, which may vary depending on the vendor
and version of the JRE:
C:\Program Files\HCL\Java14\jre\bin>keytool -import -alias "ZIE HTTP Server" -file httphodnotnet.der -keystore ..\lib\security\cacerts -storepass changeit
- If you input your command successfully, the output should look
similar to the following:
Owner: CN=hodnotnet.raleigh.hcl.com, OU=Test, O=HACP, L=Chapel Hill, ST=NC, POSTALCODE=27514, C=US
Issuer: CN=hodnotnet.raleigh.hcl.com, OU=Test, O=HACP, L=Chapel Hill, ST=NC, POSTALCODE=27514, C=US
Serial number: 40a27eaf
Valid from: Tue May 11 15:44:47 EDT 2004 until: Thu May 12 15:44:47 EDT 2005
Certificate fingerprints:
MD5: 97:A9:31:88:4E:DC:77:08:C2:1D:1E:22:79:E8:4C:E8
SHA1: 16:26:88:91:67:4D:71:FD:2A:D4:9B:47:0C:96:07:C3:8D:3F:CC:37
Trust this certificate? [no]: yes
Certificate was added to keystore
- Certificate-based Web Express Logon also requires a client certificate.
This client certificate must be available to both the Web browser
(usually stored in the browser keystore) as well as to Java 2. To
make the certificate available, take these steps:
- Start the Java Control Panel for the JRE.
- On the Java Control Panel, go to the 'Advanced' tab and enter
the following line for 'Java Runtime Parameters':
-Djavax.net.ssl.keyStore=<C:\path\cert_name.pfx> -Djavax.net.ssl.keyStorePassword=<certificate password> -Djavax.net.ssl.keyStoreType=pkcs12
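The keytool import in the first procedure above asks "Trust this certificate?" after showing the fingerprints; the following PowerShell script, an added example that is not part of the product documentation, makes that decision by comparing the SHA1 fingerprint of the file against a value you supply, then imports and confirms the entry. It assumes it is run from the JRE's bin directory and that the expected fingerprint was obtained from the Web server administrator out of band; the parameter and function names are hypothetical.

```powershell
# Added example: verify the certificate fingerprint, then import and confirm.
# Assumes the current directory is the JRE's bin directory, as in the step above.
param(
    [Parameter(Mandatory = $true)]
    [string] $ExpectedSha1,                        # obtained out of band (assumption)
    [string] $CertFile  = 'httphodnotnet.der',
    [string] $Alias     = 'ZIE HTTP Server',
    [string] $Keystore  = '..\lib\security\cacerts',
    [string] $StorePass = 'changeit'
)

# Reduce a fingerprint to bare upper-case hex so "16:26:..." and "1626..." compare equal.
function Get-NormalizedFingerprint([string] $Fingerprint) {
    ($Fingerprint -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()
}

# 1. Display the certificate without importing it and pull out the SHA1 line.
$printed = & .\keytool -printcert -file $CertFile 2>&1
if ($LASTEXITCODE -ne 0) { throw "keytool -printcert failed: $printed" }
$match = [regex]::Match(($printed -join "`n"), 'SHA1:\s*([0-9A-Fa-f:]+)')
if (-not $match.Success) { throw 'No SHA1 fingerprint found in keytool output.' }

# 2. Refuse to import unless the file matches the fingerprint you were given.
$actual   = Get-NormalizedFingerprint $match.Groups[1].Value
$expected = Get-NormalizedFingerprint $ExpectedSha1
if ($actual -ne $expected) {
    throw "Fingerprint mismatch: file has $actual, expected $expected. Certificate not imported."
}

# 3. Import. -noprompt skips the "Trust this certificate?" question,
#    which the comparison above replaces.
& .\keytool -import -noprompt -alias $Alias -file $CertFile -keystore $Keystore -storepass $StorePass
if ($LASTEXITCODE -ne 0) { throw 'keytool -import failed.' }

# 4. Confirm the entry is now present under the expected alias.
& .\keytool -list -alias $Alias -keystore $Keystore -storepass $StorePass
if ($LASTEXITCODE -ne 0) { throw "Alias '$Alias' not found in $Keystore after import." }
```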