SXI Forum

A place to collect useful tips, tricks and implementation strategies.


#1 21-11-2018 17:00:19

SeanR
Administrator
Registered: 20-11-2018
Posts: 148

Security: Generate and implement a Self Signed Certificate

READ THIS FIRST:

Self-signed certificates are helpful when a client uses an SSL web services connection to their integration partner (like BCX & BHP, Gijima & SolveDirect). When the certificate expires, the client does not always want to purchase a new certificate from a certification authority, but would rather use a self-signed certificate instead in order to save costs.

Follow the 6 steps below to generate a self-signed certificate, and send the public one to the integration partner to implement on their side.

Normally self-signed certificates should only be used in development environments, but most of the time integration partners are running a dedicated IPSEC tunnel between them, so it should be safe to use.

Self-signed certificates are not advisable when the connection between partners is insecure.

  1. Run the command below to generate a self-signed cert in a new empty keystore called tempks.jks (choose a new name for the keystore and fix the -dname to fit your URL):

    "C:\Program Files\Southern X Integrators\jre\bin\Keytool.exe" -genkey -keyalg RSA -alias selfsigned -keystore tempks.jks -storepass T@gi2b2 -validity 365 -keysize 2048  -dname "CN=webservice.MYDOMAIN.co.za,OU=MYCOMPANY, O=MY COMPANY (Pty) Ltd, L=Midrand, ST=Gauteng, C=ZA"
  2. Use this newly generated keystore in the configserver.xml. The server.xml in the Tomcat config directory points to the keystore to be used.

  3. Run the command below to export the certificate, which will be sent to the Integration Partner Company (file IntPartnr.cer):

    "C:\Program Files\Southern X Integrators\jre\bin\Keytool.exe" -export -alias selfsigned -file IntPartnr.cer -keystore tempks.jks
  4. Restart the Apache Tomcat service.

  5. Then go to webservice.MYDOMAIN.co.za in an internet browser on the server where Tomcat is installed. You should get an error that the cert is not trusted. Import the cert into the Trusted Root Certification Authorities store on that server. The reason for this is that self-signed certificates by default give this error and first have to be trusted.

  6. Reconnect again to the above URL in the browser - It should now show that certificate is trusted.

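Editor's added example (not code from the post above). Step 3 sends the partner a certificate with no chain behind it, so the partner cannot validate it the way a CA-issued certificate is validated: the only sound way to trust a self-signed certificate is to pin its fingerprint, compared against the value received out-of-band, and to watch its expiry, since the post's -validity 365 means the exchange repeats every year. The script below does both with the Python standard library only: it computes the SHA-256 fingerprint of the DER bytes (the same value `keytool -printcert -file IntPartnr.cer` shows), walks the DER far enough to read notBefore/notAfter, and rejects a certificate whose fingerprint differs from the pinned one or whose validity window does not cover the current time. The certificate bytes it checks are a constructed, unsigned X.509-shaped structure built inline so the example runs offline; in practice read the partner's IntPartnr.cer from disk instead. One caveat on step 1 that the post does not mention: current browsers match the hostname against a Subject Alternative Name extension rather than the CN in -dname, so the browser check in step 5 may still fail without `-ext SAN=dns:webservice.MYDOMAIN.co.za` on the keytool command.

```python
"""Pin a partner's self-signed certificate by fingerprint and check its validity window.

Added example, Python standard library only. DEMO_CERT is a constructed, unsigned,
X.509-shaped DER structure so the script runs offline; replace it with the bytes
of the partner's IntPartnr.cer in real use.
"""
import hashlib
from datetime import datetime, timezone

_SHA256_RSA_OID = b"\x2a\x86\x48\x86\xf7\x0d\x01\x01\x0b"  # 1.2.840.113549.1.1.11


def _der(tag, body):
    """Encode one DER TLV (short- or long-form length)."""
    if len(body) < 0x80:
        return bytes([tag, len(body)]) + body
    lb = len(body).to_bytes((len(body).bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + body


def _tlv(buf, pos):
    """Decode the TLV at pos; return (tag, value, position after it)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                       # long form: next n bytes hold the length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length


def _children(value):
    """Split a constructed value into its (tag, value) members."""
    out, pos = [], 0
    while pos < len(value):
        tag, val, pos = _tlv(value, pos)
        out.append((tag, val))
    return out


def _as_utc(when):
    """Accept a datetime, a 'YYYY-MM-DD' string (handy in tests), or None for now."""
    if when is None:
        return datetime.now(timezone.utc)
    if isinstance(when, str):
        when = datetime.strptime(when, "%Y-%m-%d")
    return when.replace(tzinfo=timezone.utc) if when.tzinfo is None else when


def _parse_time(tag, val):
    """UTCTime (tag 0x17, two-digit year per RFC 5280) or GeneralizedTime (0x18)."""
    s = val.decode("ascii")
    if tag == 0x17:
        s = ("19" if int(s[:2]) >= 50 else "20") + s
    return datetime.strptime(s, "%Y%m%d%H%M%SZ").replace(tzinfo=timezone.utc)


def fingerprint(der):
    """SHA-256 over the DER bytes, colon-separated like `keytool -printcert`."""
    h = hashlib.sha256(der).hexdigest().upper()
    return ":".join(h[i:i + 2] for i in range(0, len(h), 2))


def cert_validity(der):
    """Return (notBefore, notAfter) read straight from tbsCertificate."""
    _, cert, _ = _tlv(der, 0)
    fields = _children(_children(cert)[0][1])       # tbsCertificate members
    if fields[0][0] == 0xA0:                        # optional explicit [0] version
        fields = fields[1:]
    # order is serialNumber, signature, issuer, validity, ...
    return tuple(_parse_time(t, v) for t, v in _children(fields[3][1]))


def check_pinned_cert(der, expected_fp, now=None, warn_days=30):
    """Accept only if the fingerprint equals the value agreed out-of-band and the
    current time lies inside the validity window. Returns (ok, problems)."""
    problems = []
    if fingerprint(der) != expected_fp.upper():
        problems.append("fingerprint mismatch")
    not_before, not_after = cert_validity(der)
    now = _as_utc(now)
    if now < not_before:
        problems.append("not yet valid")
    elif now > not_after:
        problems.append("expired")
    elif (not_after - now).days < warn_days:
        problems.append(f"expires in {(not_after - now).days} days")
    return (not problems, problems)


def build_demo_cert(not_before, not_after):
    """Constructed, unsigned, X.509-shaped DER: just enough structure for the parser."""
    def utc(d):
        return _der(0x17, _as_utc(d).strftime("%y%m%d%H%M%SZ").encode())
    alg = _der(0x30, _der(0x06, _SHA256_RSA_OID))
    tbs = _der(0x30, (
        _der(0xA0, _der(0x02, b"\x02"))   # [0] version = v3
        + _der(0x02, b"\x01")             # serialNumber
        + alg                             # signature algorithm
        + _der(0x30, b"")                 # issuer (empty Name, demo only)
        + _der(0x30, utc(not_before) + utc(not_after))
        + _der(0x30, b"")                 # subject (empty, demo only)
        + _der(0x30, b"")))               # subjectPublicKeyInfo placeholder
    return _der(0x30, tbs + alg + _der(0x03, b"\x00" * 9))  # dummy signature


# Constructed stand-in for the partner's IntPartnr.cer (one-year validity as in the post).
DEMO_CERT = build_demo_cert("2018-11-21", "2019-11-21")
DEMO_FINGERPRINT = fingerprint(DEMO_CERT)   # the value you would confirm out-of-band

if __name__ == "__main__":
    print("SHA256:", DEMO_FINGERPRINT)
    print(check_pinned_cert(DEMO_CERT, DEMO_FINGERPRINT, now="2019-06-01"))  # valid
    print(check_pinned_cert(DEMO_CERT, DEMO_FINGERPRINT, now="2019-12-01"))  # expired
```

Read the pinned fingerprint from the partner over a second channel (phone, signed e-mail), not from the same connection that delivered the certificate; the `warn_days` margin gives both sides time to repeat steps 1 to 6 before the yearly expiry breaks the integration.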

#2 22-11-2018 08:38:47

SeanR
Administrator
Registered: 20-11-2018
Posts: 148

Re: Security: Generate and implement a Self Signed Certificate

To generate and implement a Self Signed Certificate for SSL Web Services connections, I use KeyTool IUI (standalone):

https://code.google.com/p/keytool-iui/

