Obtain or create certificates
- Create a certificate for C++ HCL Unica components.
- Create a certificate for Java HCL Unica components.
Create a certificate for C++ HCL Unica components
The Campaign listener implements SSL using the OpenSSL library. The OpenSSL distribution includes a command-line program called openssl that can create a certificate file. For details on using this program, see the OpenSSL documentation. You can also access the help by entering -help when you run the program.
- Run openssl at the command line. This program and its associated configuration file, openssl.cnf, are included in the bin directory of the Campaign installation. It is also available with the OpenSSL distribution.
- Generate a key. Here is a sample command that creates a key named key.pem.
    set OPENSSL_CONF=CAMPAIGN_HOME\bin\openssl.cnf
    openssl genrsa -out key.pem 4096
- Generate a request. Here is a sample command that creates a request named request.pem.
    openssl req -config openssl.cnf -new -key key.pem -out request.pem
  The tool asks you a series of questions. If you enter a period (.) the field is left blank. For a self-signed certificate, you must at least enter the Common Name.
  If you are using the openssl tool from the Campaign/bin directory, add the -config parameter with a value that points to the openssl.cnf file in the same directory. For example:
    openssl req -config openssl.cnf -x509 -key key.pem -in request.pem -days 1000 -out certificate.pem
- Generate a certificate. The following sample command creates a certificate named certificate.pem with an expiration of 10,000 days from the day it was created, using the request.pem and key.pem files.
    openssl req -x509 -key key.pem -in request.pem -days 10000 -out certificate.pem
  If you are using the openssl tool from the Campaign/bin directory, add the -config parameter with a value that points to the openssl.cnf file in the same directory. For example:
    openssl req -config openssl.cnf -x509 -key key.pem -in request.pem -days 10000 -out certificate.pem
- Create a new certificate file, for example campaign.pem.
- Copy the contents of key.pem and certificate.pem into this file, separated by a new line.
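The POSIX shell script below is an added example, not part of the HCL documentation: it checks that a combined file such as campaign.pem contains a private key and a certificate that belong together, and that the certificate is not close to expiry. The function names, the sample CN listener.example.test and the 2048-bit throwaway key are assumptions made for the demonstration.

```shell
#!/bin/sh
# Added example (not from the HCL documentation). Function names are hypothetical.

# Build a throwaway bundle with the page's commands (constructed sample data).
# A 2048-bit key keeps the demo fast; the page's sample uses 4096.
make_sample_bundle() {  # $1 = output directory, $2 = validity in days
    ( cd "$1" &&
      openssl genrsa -out key.pem 2048 2>/dev/null &&
      openssl req -new -key key.pem -subj "/CN=listener.example.test" \
          -out request.pem 2>/dev/null &&
      openssl req -x509 -key key.pem -in request.pem -days "$2" \
          -out certificate.pem 2>/dev/null &&
      cat key.pem certificate.pem > campaign.pem )
}

# Print "ok" or the first problem found in a combined key+certificate PEM.
check_bundle() {  # $1 = combined PEM file, $2 = minimum days of validity left
    bundle=$1
    min_days=${2:-30}
    grep -q -e '-----BEGIN .*PRIVATE KEY-----' "$bundle" ||
        { echo "no private key"; return 1; }
    grep -q -e '-----BEGIN CERTIFICATE-----' "$bundle" ||
        { echo "no certificate"; return 1; }
    # Derive the public key from each half; both come out as the same PEM text
    # only when the private key belongs to the certificate.
    key_pub=$(openssl pkey -in "$bundle" -pubout 2>/dev/null) ||
        { echo "unreadable private key"; return 1; }
    crt_pub=$(openssl x509 -in "$bundle" -noout -pubkey 2>/dev/null) ||
        { echo "unreadable certificate"; return 1; }
    [ "$key_pub" = "$crt_pub" ] ||
        { echo "key does not match certificate"; return 1; }
    # -checkend exits non-zero if the certificate expires within N seconds.
    openssl x509 -in "$bundle" -noout -checkend $((min_days * 86400)) \
        >/dev/null 2>&1 || { echo "expires within $min_days days"; return 1; }
    echo "ok"
}

# Demo on a constructed bundle in a temporary directory.
tmp=$(mktemp -d) && make_sample_bundle "$tmp" 1000 &&
    check_bundle "$tmp/campaign.pem" 30
rm -rf "$tmp"
```

Running check_bundle against the real campaign.pem before configuring the listener catches a bundle assembled from a key and certificate that were generated in different runs.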
Create a certificate for Java HCL Unica components
HCL Unica web application components written in Java use the JSSE library. The Sun JDK includes a program called keytool, which can create a certificate file. For details on using this program, see the Java documentation. You can also access the help by entering -help when you run the program.
- Run keytool at the command line. This program is included in the bin directory of the Sun Java JDK.
- Generate an identity keystore. The following sample command creates a keystore named UnicaClientIdentity.jks.
    keytool -genkey -alias UnicaClientIdentity -keyalg RSA -keystore UnicaClientIdentity.jks -keypass clientPwd -validity 1000 -dname "CN=hostName, O=myCompany" -storepass clientPwd
  Note the following:
  - Make a note of the -storepass value (clientPwd in the example) as you require it when you configure the application server.
  - Make a note of the -alias value (UnicaClientIdentity in the example) as you require it for the rest of this procedure.
  - The common name (CN) in the distinguished name must be the same as the host name used to access HCL Unica. For example, if the URL for HCL Unica is https://hostName.companyDomain.com:7002/unica/jsp, then the CN must be hostName.companyDomain.com. The CN portion of the distinguished name is the only required portion; Organization (O) and Organizational Unit (OU) are not required.
  - For WebSphere 6.0, the keystore password and key password must be the same.
- Generate a certificate based on the identity keystore you created. The following sample command creates a certificate named UnicaCertificate.cer. The value of -alias is the alias that you set for the identity keystore (UnicaClientIdentity in the example).
    keytool -export -keystore UnicaClientIdentity.jks -storepass clientPwd -alias UnicaClientIdentity -file UnicaCertificate.cer
- Generate a trusted keystore based on the certificate you created. The following sample command creates a trusted keystore named UnicaTrust.jks.
    keytool -import -alias UnicaClientIdentity -file UnicaCertificate.cer -keystore UnicaTrust.jks -storepass trustPwd
  Note the following:
  - Type Y when prompted to trust the certificate.
  - The value of -alias is the alias you set for the identity keystore (UnicaClientIdentity in the example).
  - Make a note of the -storepass value (trustPwd in the example) as you require it when you configure the application server.
Import the OpenSSL certificate into the Java keystore
keytool -import -alias ListenerKey -file CAMPAIGN_HOME\bin\certificate.pem -keystore PlatformClientIdentity.jks -storepass password
keytool -import -file CAMPAIGN_HOME\bin\certificate.pem -alias ListenerKey -keystore <APP_SERVER_JAVA>\jre\lib\security\cacerts
How to obtain signed certificates
- For HCL Unica applications written in C++, obtain a certificate in PEM format.
- For all other HCL Unica applications, obtain a certificate in JKS format.
Consult your certificate authority documentation for instructions on how to obtain a signed certificate.