Obtain or create certificates

Complete the following procedures to create self-signed certificate files for use with HCL Unica.
  1. Create a certificate for C++ HCL Unica components.
  2. Create a certificate for Java HCL Unica components.

Create a certificate for C++ HCL Unica components

The Campaign listener implements SSL using the OpenSSL library. The OpenSSL distribution includes a command-line program called openssl that can create a certificate file. For details on using this program, see the OpenSSL documentation. You can also access the help by entering -help when you run the program.

Complete the following steps to create a self-signed certificate and configure a C++ HCL Unica component for SSL.
  1. Run openssl at the command line. This program and its associated configuration file, openssl.cnf, are included in the bin directory of the Campaign installation. It is also available with the OpenSSL distribution.
  2. Generate a key. Here is a sample command that creates a key named key.pem.

    set OPENSSL_CONF=CAMPAIGN_HOME\bin\openssl.cnf

    openssl genrsa -out key.pem 4096

  3. Generate a request. Here is a sample command that creates a request named request.pem.

    openssl req -config openssl.cnf -new -key key.pem -out request.pem

    The tool asks you a series of questions. If you enter a period (.) the field is left blank. For a self-signed certificate, you must at least enter the Common Name.

    If you are using the openssl tool from the Campaign/bin directory, add the -config parameter with a value that points to the openssl.cnf file in the same directory. For example: openssl req -config openssl.cnf -x509 -key key.pem -in request.pem -days 1000 -out certificate.pem

  4. Generate a certificate. The following sample command creates a certificate named certificate.pem with an expiration of 10,000 days from the day it was created, using the request.pem and key.pem files.

    openssl req -x509 -key key.pem -in request.pem -days 10000 -out certificate.pem

    If you are using the openssl tool from the Campaign/bin directory, add the -config parameter with a value that points to the openssl.cnf file in the same directory. For example:

    openssl req -config openssl.cnf -x509 -key key.pem -in request.pem -days 10000 -out certificate.pem

  5. Create a new certificate file, for example campaign.pem.
  6. Copy the contents of key.pem and certificate.pem into this file, separated by a new line.
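
The following POSIX shell script is an added example, not part of the HCL documentation: it runs steps 2 to 6 non-interactively and then checks the resulting campaign.pem (key belongs to the certificate, certificate is self-signed, unexpired, and its CN matches the host name). It assumes openssl is on the PATH with its default configuration file; the function names, the use of -subj in place of the interactive questions, and the host name argument are choices made for this example.

```shell
#!/bin/sh
# Added example (not HCL code). Assumes openssl on PATH with its default config.

# make_campaign_pem DIR CN [BITS]: steps 2-6 of the procedure, non-interactive.
make_campaign_pem() (
    dir=$1 cn=$2 bits=${3:-4096}
    umask 077   # key.pem and campaign.pem hold the private key: owner-only
    openssl genrsa -out "$dir/key.pem" "$bits" 2>/dev/null &&
    openssl req -new -key "$dir/key.pem" -subj "/CN=$cn" \
        -out "$dir/request.pem" &&
    openssl req -x509 -key "$dir/key.pem" -in "$dir/request.pem" \
        -days 10000 -out "$dir/certificate.pem" &&
    cat "$dir/key.pem" "$dir/certificate.pem" > "$dir/campaign.pem"
)

# verify_campaign_pem FILE HOST: prints "ok" or the first failed check.
verify_campaign_pem() {
    pem=$1 host=$2
    key_pub=$(openssl pkey -in "$pem" -pubout 2>/dev/null)
    crt_pub=$(openssl x509 -in "$pem" -noout -pubkey 2>/dev/null)
    [ -n "$key_pub" ] || { echo "no readable private key"; return 1; }
    [ -n "$crt_pub" ] || { echo "no readable certificate"; return 1; }
    # A key that does not belong to the certificate makes the pair unusable.
    [ "$key_pub" = "$crt_pub" ] ||
        { echo "key does not match certificate"; return 1; }
    # Self-signed means subject and issuer are the same name.
    subj=$(openssl x509 -in "$pem" -noout -subject -nameopt RFC2253)
    issu=$(openssl x509 -in "$pem" -noout -issuer -nameopt RFC2253)
    [ "${subj#*=}" = "${issu#*=}" ] || { echo "not self-signed"; return 1; }
    openssl x509 -in "$pem" -noout -checkend 0 >/dev/null ||
        { echo "expired"; return 1; }
    # -checkhost falls back to the CN when the certificate has no SAN.
    openssl x509 -in "$pem" -noout -checkhost "$host" |
        grep -q 'does match' ||
        { echo "CN does not match $host"; return 1; }
    echo ok
}

# Usage: sh make_campaign_pem.sh DIR HOSTNAME
if [ "$#" -eq 2 ]; then
    make_campaign_pem "$1" "$2" && verify_campaign_pem "$1/campaign.pem" "$2"
fi
```

The umask call keeps the private key and the combined file readable only by the account that created them; run the script as the account that runs the listener.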

Create a certificate for Java HCL Unica components

HCL Unica web application components written in Java use the JSSE library. The Sun JDK includes a program called keytool, which can create a certificate file. For details on using this program, see the Java documentation. You can also access the help by entering -help when you run the program.

Complete the following steps to create a self-signed certificate and configure a Java HCL Unica component for SSL.
  1. Run keytool at the command line. This program is included in the bin directory of the Sun Java JDK.
  2. Generate an identity keystore. The following sample command creates a keystore named UnicaClientIdentity.jks.

    keytool -genkey -alias UnicaClientIdentity -keyalg RSA -keystore UnicaClientIdentity.jks -keypass clientPwd -validity 1000 -dname "CN=hostName, O=myCompany" -storepass clientPwd

    Note the following:
    • Make a note of the -storepass value (clientPwd in the example) as you require it when you configure the application server.
    • Make a note of the -alias value (UnicaClientIdentity in the example) as you require it for the rest of this procedure.
    • The common name (CN) in the distinguished name must be the same as the host name used to access HCL Unica. For example, if the URL for HCL Unica is https://hostName.companyDomain.com:7002/unica/jsp, then the CN must be hostName.companyDomain.com. The CN portion of the distinguished name is the only required portion; Organization (O) and Organizational Unit (OU) are not required.
    • For WebSphere 6.0, the keystore password and key password must be the same.
  3. Generate a certificate based on the identity keystore you created. The following sample command creates a certificate named UnicaCertificate.cer. The value of -alias is the alias that you set for the identity keystore (UnicaClientIdentity in the example).

    keytool -export -keystore UnicaClientIdentity.jks -storepass clientPwd -alias UnicaClientIdentity -file UnicaCertificate.cer

  4. Generate a trusted keystore based on the certificate you created. The following sample command creates a trusted keystore named UnicaTrust.jks.

    keytool -import -alias UnicaClientIdentity -file UnicaCertificate.cer -keystore UnicaTrust.jks -storepass trustPwd

    Note the following:
    • Type Y when prompted to trust the certificate.
    • The value of -alias is the alias you set for the identity keystore (UnicaClientIdentity in the example).
    • Make a note of the -storepass value (trustPwd in the example) as you require it when you configure the application server.

Import the OpenSSL certificate into the Java keystore

keytool -import -alias ListenerKey -file CAMPAIGN_HOME\bin\certificate.pem -keystore PlatformClientIdentity.jks -storepass password

keytool -import -file CAMPAIGN_HOME\bin\certificate.pem -alias ListenerKey -keystore <APP_SERVER_JAVA>\jre\lib\security\cacerts

How to obtain signed certificates

You can either use the OpenSSL and keytool programs to create requests that you send to a CA for signing, or you can obtain signed certificates that are provided entirely by the CA.
Note:
  • For HCL Unica applications written in C++, obtain a certificate in PEM format.
  • For all other HCL Unica applications, obtain a certificate in JKS format.

Consult your certificate authority documentation for instructions on how to obtain a signed certificate.