Follow this procedure to create a certificate for Java™ HCL® EMM components.
About this task
HCL EMM web application components written in Java use the JSSE library. The Sun JDK includes a program called keytool that can create a certificate file. Consult the Java documentation for complete details on using this program, or access the help by entering -help when you run the program.
Use the following procedure to create a self-signed certificate that you can use when configuring a Java HCL EMM component for SSL.
Procedure
- Run keytool at the command line.
  This program is included in the bin directory of the Sun Java JDK.
- Generate an identity keystore.
  The following example command creates a keystore named UnicaClientIdentity.jks.
      keytool -genkey -alias UnicaClientIdentity -keyalg RSA -keystore UnicaClientIdentity.jks -keypass clientPwd -validity 1000 -dname "CN=hostName, O=myCompany" -storepass clientPwd
  Note the following.
  - Make a note of the -storepass value (clientPwd in the example) as you need it when you configure the application server.
  - Make a note of the -alias value (UnicaClientIdentity in the example) as you need it for the rest of this procedure.
  - The common name (CN) in the distinguished name should be the same as the host name used to access HCL EMM. For example, if the URL for HCL EMM is https://hostName.companyDomain.com:7002/unica/jsp, then the CN should be hostName.companyDomain.com. The CN portion of the distinguished name is the only required portion; Organization (O) and Organizational Unit (OU) are not required.
  - For WebSphere® 6.0, the keystore password and key password must be the same.
- Generate a certificate based on the identity keystore you created.
  The following example command creates a certificate named UnicaCertificate.cer.
      keytool -export -keystore UnicaClientIdentity.jks -storepass clientPwd -alias UnicaClientIdentity -file UnicaCertificate.cer
  The value of -alias is the alias you set for the identity keystore (UnicaClientIdentity in the example).
- Generate a trusted keystore based on the certificate you created.
  The following example command creates a trusted keystore named UnicaTrust.jks.
      keytool -import -alias UnicaClientIdentity -file UnicaCertificate.cer -keystore UnicaTrust.jks -storepass trustPwd
  Note the following.
  - Type Y when prompted to trust the certificate.
  - The value of -alias is the alias you set for the identity keystore (UnicaClientIdentity in the example).
  - Make a note of the -storepass value (trustPwd in the example) as you need it when you configure the application server.
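The script below is an added example, not part of the HCL documentation. It runs the three keytool steps of the procedure with the CN derived from the access URL, then checks that the exported certificate carries that CN and that both keystores hold the same certificate. The function names cn_from_url, fingerprint and create_and_verify are hypothetical, and the use of -noprompt in place of typing Y is an assumption made so the script can run unattended.

```shell
#!/bin/sh
# Added example. File names, aliases and passwords are the page's example values;
# omit -storepass/-keypass to have keytool prompt instead of exposing them in argv.

# Host part of the URL used to reach the application: this is what the CN must equal.
cn_from_url() {
    hostport=${1#*://}                # drop the scheme
    hostport=${hostport%%/*}          # drop the path
    printf '%s\n' "${hostport%%:*}"   # drop the port
}

# Certificate fingerprint of one alias, as printed by "keytool -list".
fingerprint() {   # args: keystore storepass alias
    keytool -list -keystore "$1" -storepass "$2" -alias "$3" 2>/dev/null |
        grep -Eo '([0-9A-F]{2}:){19,}[0-9A-F]{2}'
}

create_and_verify() {   # arg: URL used to reach the application
    cn=$(cn_from_url "$1")
    [ -n "$cn" ] || return 1
    keytool -genkey -alias UnicaClientIdentity -keyalg RSA \
        -keystore UnicaClientIdentity.jks -keypass clientPwd -validity 1000 \
        -dname "CN=$cn, O=myCompany" -storepass clientPwd || return 1
    keytool -export -keystore UnicaClientIdentity.jks -storepass clientPwd \
        -alias UnicaClientIdentity -file UnicaCertificate.cer || return 1
    # -noprompt answers the trust question that the procedure answers with Y.
    keytool -import -noprompt -alias UnicaClientIdentity \
        -file UnicaCertificate.cer -keystore UnicaTrust.jks \
        -storepass trustPwd || return 1
    # The exported certificate must carry the expected CN ...
    keytool -printcert -file UnicaCertificate.cer |
        grep -F "CN=$cn," >/dev/null || return 1
    # ... and both keystores must hold the same certificate.
    id_fp=$(fingerprint UnicaClientIdentity.jks clientPwd UnicaClientIdentity) || return 1
    tr_fp=$(fingerprint UnicaTrust.jks trustPwd UnicaClientIdentity) || return 1
    [ -n "$id_fp" ] && [ "$id_fp" = "$tr_fp" ]
}

# Run only when a URL is passed on the command line.
if [ "$#" -gt 0 ]; then
    create_and_verify "$1" && echo "keystores created and verified"
fi
```

Pass the URL that users type to reach the application as the only argument; a non-zero exit status means a keytool step failed or one of the two checks did not match.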