Replace the Default Server Certificate
Use the following procedure to replace the self-signed certificate that is installed with these Web Edition servers:
- Reflection for Secure IT Web Server
- Reflection for Secure IT User Manager
Before you begin
Obtain a Java keystore (*.jks) file that contains your private key and a certificate signed by a Certificate Authority (CA). You can use either of these approaches, described in the topics that follow:
- If you have a PKCS#12 file (*.p12 or *.pfx) provided by the CA, import the PKCS#12 file into a Java keystore.
-OR-
- Generate a key pair and keystore, create a Certificate Signing Request and submit it to CA. Once you have received the signed certificate for your server, import the CA-signed certificate into your keystore.
To replace the default server certificate
Note: The paths below are located in the Web Edition installation folder. The default is C:\Program Files\Attachmate\RSecureWebEdition.
- Move the new Java keystore to the folder that holds the default keystore (or another secure location on your server). The default keystore locations are:
<install path>\WebServer\etc\
<install path>\UserManager\etc\
- Locate the container.properties file in the location below for the server you are updating.
<install path>\WebServer\conf\container.properties
<install path>\UserManager\conf\container.properties
- Open container.properties in a text editor. Remove the comment character (#) from the following lines and edit them to point to your keystore and specify your keystore password. For example:
servletengine.ssl.keystore=../etc/newkeystore.jks
servletengine.ssl.keystorepassword=password
Note: The path to the keystore must be specified using forward slashes or escaped backslashes. For example:
C:/pathto/keystore
C:\\pathto\\keystore - Restart the server you are configuring. See Start and Stop the Transfer Client Web Server and Start and Stop the User Manager Server.
 |