Step 4: Add the Web server's certificate to the Java keyring (Java 2 clients only).


Certificate-based Web Express Logon
This step only applies to Certificate-based Web Express Logon. If you are not using client certificates to authenticate users to a secure Web server, skip to the next step.

For Java 2 clients, if the Web server's certificate is self-signed or has not been issued by a trusted Certificate Authority (CA), you must add the Web server's certificate to the Java keyring in order for clients to make secure HTTPS connections to the Web server.

To add the certificate to the keyring for Java 2 clients, take the following steps:
  1. Open a Windows command prompt and input the following command. Note that the syntax of the command remains the same, regardless of the location of the library, which may vary depending on the vendor and version of the JRE:
    C:\Program Files\HCL\Java14\jre\bin>keytool -import -alias "ZIE HTTP Server" -file httphodnotnet.der -keystore ..\lib\security\cacerts -storepass changeit
  2. If you input your command successfully, the output should look similar to the following:
    Owner: CN=hodnotnet.raleigh.hcl.com, OU=Test, O=HACP, L=Chapel Hill, ST=NC, POSTALCODE=27514, C=US
    Issuer: CN=hodnotnet.raleigh.hcl.com, OU=Test, O=HACP, L=Chapel Hill, ST=NC, POSTALCODE=27514, C=US
    Serial number: 40a27eaf
    Valid from: Tue May 11 15:44:47 EDT 2004 until: Thu May 12 15:44:47 EDT 2005
    Certificate fingerprints:          
    	MD5:  97:A9:31:88:4E:DC:77:08:C2:1D:1E:22:79:E8:4C:E8          
    	SHA1: 16:26:88:91:67:4D:71:FD:2A:D4:9B:47:0C:96:07:C3:8D:3F:CC:37 
    Trust this certificate? [no]:  yes 
    Certificate was added to keystore
  3. Certificate-based Web Express Logon also requires a client certificate. This client certificate must be available to both the Web browser (usually stored in the browser keystore) as well as to Java 2. To make the certificate available, take these steps:
    1. Start the Java Control Panel for the JRE.
    2. On the Java Control Panel, go to the 'Advanced' tab and enter the following line for 'Java Runtime Parameters':
      -Djavax.net.ssl.keyStore=<C:\path\cert_name.pfx> -Djavax.net.ssl.keyStorePassword=<certificate password> -Djavax.net.ssl.keyStoreType=pkcs12
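
Before answering yes at the "Trust this certificate?" prompt in step 2, compare the fingerprint keytool displays with a value obtained from the Web server's administrator over a separate channel. The following script is an added example, not part of the product documentation: it computes the fingerprint in keytool's colon-separated format from the certificate file and checks it against the expected value. The function names and the sample bytes are constructed for illustration, and the script assumes the file holds a single certificate in DER or PEM form.

```python
import base64
import hashlib
import re
import sys

PEM_RE = re.compile(
    rb"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

def to_der(data: bytes) -> bytes:
    """Return DER bytes; unwrap the first PEM block if the file is PEM."""
    m = PEM_RE.search(data)
    return base64.b64decode(m.group(1)) if m else data

def fingerprint(data: bytes, algo: str = "sha1") -> str:
    """Hash the DER encoding and format it the way keytool prints it."""
    digest = hashlib.new(algo, to_der(data)).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))

def normalize(fp: str) -> str:
    """Drop separators and case so a pasted hex value compares cleanly."""
    return re.sub(r"[^0-9A-Fa-f]", "", fp).upper()

def matches(data: bytes, expected: str, algo: str = "sha1") -> bool:
    """True only if the file's fingerprint equals the out-of-band value."""
    want = normalize(expected)
    return bool(want) and normalize(fingerprint(data, algo)) == want

# Constructed stand-in bytes (a tiny DER SEQUENCE), not a real certificate.
SAMPLE_DER = bytes.fromhex("3003020101")
SAMPLE_PEM = (b"-----BEGIN CERTIFICATE-----\n"
              + base64.b64encode(SAMPLE_DER)
              + b"\n-----END CERTIFICATE-----\n")

if __name__ == "__main__":
    if len(sys.argv) == 3:  # usage: <script> <cert file> <expected SHA1 hex>
        with open(sys.argv[1], "rb") as fh:
            ok = matches(fh.read(), sys.argv[2])
        print("fingerprint matches" if ok else "MISMATCH: do not import")
        sys.exit(0 if ok else 1)
    # No arguments: show that DER and PEM forms yield the same fingerprint.
    print(fingerprint(SAMPLE_DER))
    print(fingerprint(SAMPLE_PEM) == fingerprint(SAMPLE_DER))
```

Pass only the hex value as the second argument, for example the SHA1 line from the keytool output without its "SHA1:" label.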