Install a New Server Certificate: PKCS#12 File

Use this procedure to replace the default Web Transfer or User Manager server certificate with a CA-signed certificate contained within a PKCS#12 file.

Before you begin

Obtain a PKCS#12 file (*.p12 or *.pfx) that includes your private key and a certificate signed by a Certificate Authority (CA).

Notes:

  • The PKCS#12 private key and the store itself must use FIPS-compliant cryptography. PBE-SHA1-3DES is the only approved algorithm currently available for encrypting the store. (By default, OpenSSL and the Windows Certificate Manager encrypt the store using this algorithm.) If your file is not FIPS-compliant, you can re-encrypt the PKCS#12 file or import the file into a Java keystore.
  • The PKCS#12 store and the private key must be protected with the same password.

To replace the default server certificate with a certificate in a PKCS#12 file (*.p12 or *.pfx)

The default install path is C:\Program Files\Attachmate\RSecureWebEdition.

  1. Move the PKCS#12 file to the folder that holds the default keystore (or another secure location on your server). The default keystore locations are:

    C:\Program Files\Attachmate\RSecureWebEdition\WebTransfer\etc\

    C:\Program Files\Attachmate\RSecureWebEdition\UserManager\etc\

    Caution: Do not delete any of the existing certificate or keystore files in these locations. The server certificates located here are required for communication between Web Edition components.

  2. Locate the container.properties file in the location below for the server you are updating.

    <install path>\WebTransfer\conf\container.properties

    <install path>\UserManager\conf\container.properties

  3. Open container.properties in a text editor (running as an administrator). Remove the comment character (#) from the following lines. Set keystoretype to PKCS12 and edit keystore and keystorepassword to use your values. For example:

    servletengine.ssl.keystore=../etc/myserver_cert.p12

    servletengine.ssl.keystoretype=PKCS12

    servletengine.ssl.keystorepassword=password

    Note: The path to the keystore must be specified using forward slashes or escaped backslashes. For example: C:/pathto/keystore or C:\\pathto\\keystore

  4. Restart the server you are configuring. See Start and Stop the Web Transfer Server and Start and Stop the User Manager Server.
  5. Test a connection from the Transfer Client or User Manager. If you can't log in, or continue to see a certificate warning message, see Troubleshooting Server Certificate Setup.
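
A pre-restart check for the step 3 edits, added here as an example and not part of the product or its documentation. It reads the text of container.properties and reports settings that are still commented out, a keystoretype other than PKCS12, and a keystore path with an unescaped backslash. The function name and the sample content are constructed for illustration; the backslash check assumes the file follows Java properties escaping, as the note in step 3 implies.

```python
import re

REQUIRED = (
    "servletengine.ssl.keystore",
    "servletengine.ssl.keystoretype",
    "servletengine.ssl.keystorepassword",
)

# Constructed sample: keystoretype left commented out, path with single backslashes.
SAMPLE = r"""
servletengine.ssl.keystore=C:\pathto\keystore.p12
#servletengine.ssl.keystoretype=PKCS12
servletengine.ssl.keystorepassword=password
"""

def check_container_properties(text):
    """Return a list of problems found in container.properties content."""
    active, commented, problems = {}, set(), []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        is_comment = line[0] in "#!"
        key, sep, value = line.lstrip("#! \t").partition("=")
        key = key.strip()
        if not sep or key not in REQUIRED:
            continue
        if is_comment:
            commented.add(key)
        else:
            active[key] = value.strip()  # a later active line overrides an earlier one
    for key in REQUIRED:
        if key not in active:
            state = "still commented out" if key in commented else "missing"
            problems.append(f"{key} is {state}")
    ktype = active.get("servletengine.ssl.keystoretype")
    if ktype is not None and ktype != "PKCS12":
        problems.append(f"keystoretype is {ktype!r}, expected 'PKCS12'")
    # Step 3 note: use forward slashes or escaped (doubled) backslashes.
    # A run of backslashes with odd length contains one that is not escaped.
    path = active.get("servletengine.ssl.keystore", "")
    if any(len(run) % 2 for run in re.findall(r"\\+", path)):
        problems.append("keystore path contains an unescaped backslash")
    return problems

if __name__ == "__main__":
    for problem in check_container_properties(SAMPLE):
        print("FAIL:", problem)
```

An empty list means the three settings are active and pass these checks. It does not open the PKCS#12 file or test the password.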

Related Topics

Server Certificate Management