Generating SSL keystore

You need to generate an SSL keystore if you need to enable HTTPS access for the Conversion Service server and D1 server.

You will need to repeat the procedure described on this page for all server nodes for which you want to enable HTTPS access.

To generate an SSL keystore for the installation server

1. On the installation server (Conversion Service or D1), create a folder where the SSL keystore will be stored. For example, create the SSL folder under Home/Documents.

   

2. Go to the newly created folder and run the terminal from it.

3. Generate the private key and certificate files necessary for creation of the SSL keystore by running the following command:

   $ openssl req -x509 -sha256 -nodes -days 365 -newkey rsa:2048 -keyout privateKey.key -out certificate.crt

   When the command runs, you will be prompted for some data. When the command completes, the files will be created and added to the folder specified on step 1:

   

4. Generate the keystore.pkcs12 file by running the following command:

   openssl pkcs12 -keypbe PBE-SHA1-3DES -certpbe PBE-SHA1-3DES -export -in certificate.crt -inkey privateKey.key -out keystore.pkcs12 -name "tribefire"
   Note

   You will be prompted for password in the process of creation the keystore file.

   Keep the record of the password as you will need it later. The password value will be used for the sslKeystorePassword parameter in the configuration file of your server.

   

Now that you have the keystore, you can add its path to the configuration file of your installation server:

path: "/home/user/Documents/SSL/keystore.p12"

Where to go from here

After you create the SSL keystore and private key, you can set up JAVA environment variables for the installation server. Go to Setting up JAVA environment variables.