1.8 Procedure to import SSL server certificates for https connections between JP1/AO and external Web servers into Common Component
To enable https connections between JP1/AO and external Web servers, an SSL server certificate must be installed in the truststore of the Common Component. To import the SSL server certificate into the truststore of the Common Component, you use the hcmds64keytool command (in Windows) or the keytool command (in Linux).
- Tip
You do not need to perform this procedure if you do not intend to use a Web client plug-in to establish https connections. You can also perform this procedure after you start using JP1/AO.
Before you begin
Use a secure method to acquire the SSL server certificate to be imported.
Check the path of the SSL server certificate to be imported.
Check the path of the truststore file.
- In Windows:
Common-Component-installation-folder\uCPSB11\hjdk\jdk\lib\security\jssecacerts
- In Linux:
-
Common-Component-installation-folder/uCPSB11/hjdk/jdk/lib/security/jssecacerts
Check the access password for the truststore.
Procedure to import SSL server certificate to truststore of Common Component
You can import an SSL server certificate into the truststore of the Common Component by executing a command. To import an SSL server certificate into the truststore of the Common Component:
Execute the following command:
- In Windows:
Common-Component-installation-folder\bin\hcmds64keytool -import -alias alias-name -file SSL-server-certificate-path -keystore truststore-file-path -storepass truststore-access-password -storetype JKS
- In Linux:
-
Common-Component-installation-folder/uCPSB11/jdk/bin/keytool -import -alias alias-name -file SSL-server-certificate-path -keystore truststore-file-path -storepass truststore-access-password -storetype JKS
- Note
-
Note the following points when you specify alias-name, truststore-file-path, and truststore-access-password by using the hcmds64keytool or keytool command:
-
For alias-name, specify the name used to identify the certificate within the truststore. If there are multiple SSL server certificates, specify an alias that is not already in use in the truststore.
-
The following symbols cannot be used in truststore-file-path:
Colons (:), commas (,), semicolons (;), asterisks (*), question marks (?), double quotation marks ("), left and right angle brackets (< and>), vertical bars (|), and hyphens (-)
-
Specify truststore-file-path as a character string of 255 bytes or fewer.
-
Double quotation marks (") cannot be used in alias-name or truststore-access-password.
-
Restart the JP1/AO server.