Installing a certificate

To install a certificate in Remote Control, you can either use an existing P12 or JKS keystore or import an existing certificate into the existing keystore.

About this task

Any changes that are made to the certificate configuration are overwritten if you reinstall or upgrade the Remote Control server. Choose the appropriate method to install a certificate for Remote Control. You can also configure the SSL certificate by using the server installer. For more information about configuring the SSL certificate during installation, see the BigFix® Remote Control Installation Guide.

To use an existing keystore, complete the following steps

About this task

If you want to use a keystore other than the default .jks keystore, complete the following steps.

Procedure

  1. Edit the ssl.xml file.
  2. Locate the <keystore/> parameter. Set appropriate values for your certificate keystore.
    ID
    The default value is defaultKeyStore. You can change the value to an ID of your choice or keep the default value.
    Password

    To apply a custom certificate properly with an AES-encoded password, do the following:

    1. Ensure the server is stopped.
    2. Open the [installdir]\tools\env\env.xml file.
    3. Copy the value reported in the value property of the wlp.password.encryption.key variable.

      For example: From <variable name="wlp.password.encryption.key" value="8f7008648eb308479c88f388e82000209a26" />, copy 8f7008648eb308479c88f388e82000209a26

    4. Run the following command:
      [installdir]\wlp\bin\securityUtility.bat encode --encoding=aes --key=<encryption_key>
      where <encryption_key> is the value copied in the previous step.
      Note: On Linux, the securityUtility tool does not have the .bat extension. Therefore, use securityUtility instead of securityUtility.bat.
    5. Enter the password to be encrypted twice.
    6. Manually copy the resulting encrypted password into the XML file at [installdir]\wlp\usr\servers\trcserver\ssl.xml
      Note: The encrypted password starts with "{aes}". For example, {aes}AFLSwk76PovVwmQlVCULHEkkkzRqPUgLoZVy33sMxPZf
    7. Restart the server.
    Location
    Enter the absolute path to the existing keystore. The value can be the path to a jks file or a p12 file.
    Type
    Determines the type of keystore file. If you are using a p12 file, use PKCS12. If you are using a jks file, you do not need to define a type value.
  3. Save the file.
  4. Restart the Remote Control server.
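
The following check is an added example, not part of the BigFix documentation or product code: it parses the content of ssl.xml and reports keystore settings that do not match the steps above (password not AES-encoded, relative location, p12 file without type PKCS12). The element name and the attribute names id, password, location and type are assumed to be the lowercase forms of the fields listed in step 2, and both XML samples are constructed.

```python
import ntpath
import posixpath
import xml.etree.ElementTree as ET


def check_keystore(ssl_xml_text):
    """Return a list of findings for every keystore element in ssl.xml text."""
    findings = []
    root = ET.fromstring(ssl_xml_text)
    # Assumption: the element is named keystore/keyStore; match it case-insensitively.
    stores = [e for e in root.iter() if e.tag.lower() == "keystore"]
    if not stores:
        return ["no keystore element found"]
    for ks in stores:
        ks_id = ks.get("id", "<no id>")
        password = ks.get("password", "")
        location = ks.get("location", "")
        ks_type = ks.get("type", "")
        # Step 6: the value written to ssl.xml must be the encoded form.
        if not password.startswith("{aes}"):
            findings.append(f"{ks_id}: password is not AES-encoded")
        # Location must be absolute; accept Windows and Linux style paths.
        if not (ntpath.isabs(location) or posixpath.isabs(location)):
            findings.append(f"{ks_id}: location is not an absolute path")
        # A p12 keystore needs type PKCS12; a jks keystore needs no type.
        if location.lower().endswith(".p12") and ks_type != "PKCS12":
            findings.append(f"{ks_id}: p12 keystore requires type PKCS12")
    return findings


# Constructed sample: settings that follow the procedure.
GOOD = r'''<server>
  <keyStore id="defaultKeyStore" password="{aes}CONSTRUCTED-SAMPLE-VALUE"
            location="C:\certs\trc-server.p12" type="PKCS12"/>
</server>'''

# Constructed sample: clear-text password, relative path, missing type.
BAD = r'''<server>
  <keyStore id="defaultKeyStore" password="constructed-cleartext"
            location="trc-server.p12"/>
</server>'''

if __name__ == "__main__":
    for name, text in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, check_keystore(text) or "no findings")
```
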