Generating SSL Certificates, Truststores and Keystores

When the Data Server socket is secured with SSL using certificates, the client and the server perform an SSL handshake each time the client attempts to connect. For this handshake, the client must provide a certificate the server trusts, and the server must provide a certificate the client trusts. A keystore file contains the application's certificate and private key. A truststore file contains the application's trusted certificates. Because this is a two-way handshake, the client and the Data Server each need a keystore and a truststore. These files are created by running the Java keytool on the command line.

The following steps generate self-signed certificates for host1 (server) and host2 (client), along with the client-side and server-side truststore files (client_truststore.jks and server_truststore.jks) and keystore files (client_keystore.jks and server_keystore.jks). Typically, certificates would be signed by a trusted certificate authority. The file names and passwords used here are arbitrary.

On the command line, execute the following:

keytool -genkey -keystore server_keystore.jks -alias rtview_server -validity 3650 -keyalg RSA -storepass mypassword -keypass mypassword -dname cn=host1
keytool -list -v -keystore server_keystore.jks -storepass mypassword
keytool -export -alias rtview_server -keystore server_keystore.jks -storepass mypassword -file server.cer
keytool -importcert -alias rtview_server -file server.cer -v -noprompt -keystore client_truststore.jks -storepass mypassword
keytool -genkey -keystore client_keystore.jks -alias rtview_client -validity 3650 -keyalg RSA -storepass mypassword -keypass mypassword -dname cn=host2
keytool -export -alias rtview_client -keystore client_keystore.jks -storepass mypassword -file client.cer
keytool -importcert -alias rtview_client -file client.cer -v -noprompt -keystore server_truststore.jks -storepass mypassword
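
One way to check the result of these steps, as an added example that is not part of the original documentation: the script parses the output of keytool -list and confirms that an alias is a private-key entry in one side's keystore and a trusted-certificate entry with the same fingerprint in the peer's truststore. The function names and the sample listings are constructed for illustration.

```shell
#!/bin/sh
# Added example: input is the text printed by
#   keytool -list -keystore FILE -storepass PASS
# (non-verbose form; Java 9 and later print SHA-256 fingerprints).

# entry_info ALIAS LISTING -> "<entry type> <fingerprint>", empty if ALIAS is absent
entry_info() {
  printf '%s\n' "$2" | awk -v alias="$1" '
    found && /^Certificate fingerprint/ { print kind, $NF; exit }
    { found = 0 }
    index($0, alias ",") == 1 {
      n = split($0, f, /, */)            # alias, date parts, entry type
      for (i = 2; i <= n; i++) if (f[i] ~ /Entry$/) kind = f[i]
      found = 1
    }'
}

# check_pinned ALIAS KEYSTORE_LISTING TRUSTSTORE_LISTING
# Succeeds only if the keystore holds the private key for ALIAS and the
# peer's truststore holds the same certificate as a certificate-only entry.
check_pinned() {
  ks=$(entry_info "$1" "$2"); ts=$(entry_info "$1" "$3")
  [ -n "$ks" ] && [ -n "$ts" ] || { echo "$1: alias missing"; return 1; }
  [ "${ks%% *}" = PrivateKeyEntry ] || { echo "$1: no private key in keystore"; return 1; }
  [ "${ts%% *}" = trustedCertEntry ] || { echo "$1: truststore holds ${ts%% *}"; return 1; }
  [ "${ks#* }" = "${ts#* }" ] || { echo "$1: fingerprint mismatch"; return 1; }
  echo "$1: OK ${ks#* }"
}

# Constructed listings (fingerprints shortened and made up for the example).
SERVER_KS='Your keystore contains 1 entry

rtview_server, Jan 1, 2024, PrivateKeyEntry,
Certificate fingerprint (SHA-256): 11:22:33:44'
CLIENT_TS='rtview_server, Jan 1, 2024, trustedCertEntry,
Certificate fingerprint (SHA-256): 11:22:33:44'
WRONG_TS='rtview_server, Jan 1, 2024, trustedCertEntry,
Certificate fingerprint (SHA-256): AA:BB:CC:DD'

check_pinned rtview_server "$SERVER_KS" "$CLIENT_TS"          # matching pair
check_pinned rtview_server "$SERVER_KS" "$WRONG_TS" || true   # wrong certificate imported
check_pinned rtview_server "$SERVER_KS" "$SERVER_KS" || true  # keystore reused as truststore
```

With real files, pass "$(keytool -list -keystore server_keystore.jks -storepass mypassword)" and the matching listing of client_truststore.jks as the two listings, then repeat for rtview_client with client_keystore.jks and server_truststore.jks.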

For more information on how to use keytool, see the Oracle Java documentation.

For additional information on securing connections to your monitored components, see Creating Secure Connections. To see additional information on the Security tab in the Configuration Application, see Security Tab.