Creating a self-signed SSL certificate for File-AID Services

Perform the following steps to create a self-signed Secure Sockets Layer (SSL) certificate for File-AID Services (FAS):

1. Download the KeyStore Explorer from the KeyStore Explorer site, install it, and launch the application.

2. Click Create a new KeyStore.

3. Select JKS.

4. Click on the tool bar.

5. Enter the KeyStore password. You can specify a password of your choice.

6. To save the KeyStore, specify the location. Use the file name as ‘keystore’ and save.

7. Right click the blank space in the KeyStore editor and select Generate Key Pair or click in the tool bar.

8. Select RSA, specify the key size as 2048, and click OK. Note that request processing takes time.

9. In the Generate Key Pair Certificate window, specify the the validity end period.

10. Click the book icon that is located next to the Name field, enter the the details as shown in the following image, and click OK. In the Common Name (CN) field, enter the name of the host machine. Rest of the details remain the same.

11. In the Generate Key Pair Certificate window, click OK.

12. When prompted for the key pair alias, enter 'jetty’.

13. When prompted for the password, enter the password that you specified in step 5.

14. Right click jetty and select Export > Export Certificate Chain.

15. Keep the default values, specify the export location, and click Export. In the Export File path, rename jetty.cer to hostName.cer.

16. When prompted to save the KeyStore, click Yes.

Important

The KeyStore is installed on the FAS jetty server, while the certificate chain is added to the windows client machine’s trusted certificate store. Note that windows machine is the machine on which you installed Workbench.

To verify the SSL certificate in Java KeyStore, enter the following command:

keytool -list -v -keystore my.certificate.chain.jks | grep -A 1 "Owner"

Creating a self-signed SSL certificate for File-AID Services

On this page