This procedure describes how to create and configure your own certificates for your
setup.
About this task
The following procedure describes how to create and configure self-signed certificates for
Unica Campaign and Unica Platform.
For additional details on using GSKit, see http://www.ibm.com/developerworks/security/tutorials/se-gskit/. You can use these steps as a
guide for configuring certificates for other Unica products.
Procedure
- Use GSKit to generate SSL certificates as follows.
  - Create and initialize a new key database.
    For example:
    gsk8capicmd_64 -keydb -create -populate -db Campaign.kdb -pw password -stash
    The -stash option is required for Unica Campaign.
  - Use GSKit to generate a self-signed certificate for Unica Campaign and store it in the key database, as follows.
    For example:
    gsk8capicmd_64 -cert -create -db Campaign.kdb -dn "CN=example.com,O=domain,C=IN" -expire 3650 -pw password -size 1024 -label exampleLabel -default_cert yes
  - Extract the public part of the certificate to a file.
    For the clients to trust a certificate, its public part needs to be distributed to the clients and stored in their key databases. In this step, you export the public part of the Unica Campaign certificate. You import it in a later step.
    For example:
    gsk8capicmd_64 -cert -extract -db Campaign.kdb -stashed -label exampleLabel -target Campaigncert.arm
- Import the Campaigncert.arm file into the application server where the Campaign web application is deployed.
  - Copy the Campaigncert.arm file to the Campaign web application server.
  - Add the Campaigncert.arm file in the NodeDefaultTrustStore of the WebSphere Application Server by completing the following steps:
    - Click .
    - Click .
    - Click Add and provide the Alias and the path where the Key.arm file is copied.
    - Click OK.
- Use keytool to generate and import a Java identity certificate for Unica Platform as follows.
  - Generate the Unica Platform identity certificate.
    For example:
    ./keytool -genkey -alias PlatformClientIdentity -keyalg RSA -keystore PlatformClientIdentity.jks -keypass password -validity 3650 -dname "CN=example.com" -storepass password
  - Export the certificate from keystore (PlatformClientIdentity in the example) into a file (PlatformCertificate.cer in the example).
    ./keytool -export -keystore PlatformClientIdentity.jks -storepass password -alias PlatformClientIdentity -file PlatformCertificate.cer
  - Import the certificate that you exported into the Unica Platform keystore (PlatformTrust.jks in the example).
    For example:
    ./keytool -import -alias PlatformClientIdentity -file PlatformCertificate.cer -keystore PlatformTrust.jks -storepass password
- Extract Personal and Signer certificates from the IBM Campaign WebSphere Application Server.
  - Click .
  - Click .
  - Select the default certificate.
  - Provide the Certificate file name and a valid path in Campaign web application server, and click OK.
  - Click .
  - Select the default certificate.
  - Provide the Certificate file name and a valid path in Campaign web application server, and click OK.
- Import the Personal and Signer certificates into the listener keystore database.
  - Copy the ClientPersonal.cer and ClientSigner.cer certificates to the Listener server.
  - Import the Personal and Signer certificates to the listener keystore database by using the gsk8capicmd_64 command from the location where the listener keystore database (Campaigncert.kdb) was created.
    gsk8capicmd_64 -cert -add -db Campaigncert.kdb -stashed -label ClientPersonalKey -file ClientPersonal.cer
    gsk8capicmd_64 -cert -add -db Key.kdb -stashed -label ClientSignerlKey -file ClientSigner.cer
- Exchange certificates between Unica Campaign and Unica Platform.
  - Use keytool to import the Unica Campaign certificate into the Unica Platform identity and keystore.
    For example:
    ./keytool -import -file PATH_TO_GSKit_certificate/Campaigncert.arm -alias listenerkey2 -keystore PATH_TO_JAVA_CERTIFICATE/PlatformClientIdentity.jks
    ./keytool -import -file PATH_TO_GSKit_certificate/Campaigncert.arm -alias listenerkey2 -keystore PATH_TO_JAVA_CERTIFICATE/PlatformTrust.jks
  - Use GSKit to import the Unica Platform certificate into the Unica Campaign key database.
    For example:
    gsk8capicmd_64 -cert -add -db Campaign.kdb -stashed -label PlatformClientIdentity -file PATH_TO_JAVA_CERTIFICATE/PlatformCertificate.cer
- Use keytool to import the Java certificate and Campaign GSKit certificate into the application server Java keystore.
  - Import the Unica Platform Java certificate.
    For example:
    ./keytool -import -file PATH_TO_JAVA_CERTIFICATE/PlatformCertificate.cer -alias platformkey1 -keystore APPLICATION_SERVER_HOME/java/jre/lib/security/cacerts
    <Password: changeit>
  - Import the Unica Campaign GSKit certificate.
    For example:
    keytool -import -file PATH_TO_GSKit_certificate/campaign.arm -alias CampaignListener -keystore APPLICATION_SERVER_HOME/java/jre/lib/security/cacerts
- If the Campaign Listener is using SSL, set useSSL to TRUE in the unicaACListener settings; otherwise, set it to FALSE.
- Restart the Campaign Application Server and the Campaign Listener.
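
A check you can run on the exported certificate files (Campaigncert.arm, PlatformCertificate.cer) before importing them into a trust store, as an added example that is not part of the vendor procedure. It flags RSA keys below 2048 bits, such as the one the -size 1024 command above creates, and MD5 or SHA-1 signatures. It assumes openssl is installed; the threshold, the function names and the sample text are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not part of the vendor procedure.
MIN_RSA_BITS=2048   # assumed policy threshold; the page does not state one

# audit_cert_text: read `openssl x509 -noout -text` output on stdin, print
# one finding per line, and return 1 if anything was flagged.
audit_cert_text() {
    awk -v min="$MIN_RSA_BITS" '
        /Public Key Algorithm:/ { alg = $NF }
        /Public-Key: \(/ && alg == "rsaEncryption" {
            bits = $0; sub(/.*\(/, "", bits); sub(/ bit.*/, "", bits)
            if (bits + 0 < min) { print "WEAK_KEY rsa " bits; bad = 1 }
        }
        /Signature Algorithm: (md5|sha1)/ && !sig_seen {
            print "WEAK_SIG " $NF; bad = 1; sig_seen = 1
        }
        END { exit bad + 0 }'
}

# audit_cert_file FILE: decode FILE as PEM, then as DER, and audit it.
audit_cert_file() {
    text=$(openssl x509 -in "$1" -noout -text 2>/dev/null) ||
    text=$(openssl x509 -in "$1" -inform DER -noout -text 2>/dev/null) ||
        { echo "UNREADABLE $1"; return 2; }
    printf '%s\n' "$text" | audit_cert_text
}

# Constructed sample: trimmed openssl text for a 1024-bit RSA certificate.
SAMPLE_TEXT='    Signature Algorithm: sha256WithRSAEncryption
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (1024 bit)
    Signature Algorithm: sha256WithRSAEncryption'

if [ "$#" -gt 0 ]; then
    for f in "$@"; do
        echo "== $f"; audit_cert_file "$f" || true
    done
else
    printf '%s\n' "$SAMPLE_TEXT" | audit_cert_text || true
fi
```

Saved under a name of your choice (audit_certs.sh is hypothetical), run it as `sh audit_certs.sh Campaigncert.arm PlatformCertificate.cer`; with no arguments it audits the embedded sample.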