Replacing the Default Self-Signed Certificate with a CA-Authorized Certificate
You can replace the default, self-signed certificate with one authorized by an appropriate CA.
- Either:
- Create a new keystore file containing the required certificate.
- Import the required certificate into the existing install-server-store.jks keystore file.
- Edit (as required) the following properties in the
KeystoreCspRT resource template:
- Location of keystore: Identifies the keystore file that contains the required certificate.
Note: You can either upload a keystore to be served from the TIBCO ActiveMatrix® Service Grid Administrator interface; or you can enter its external location as a URL or as a pathname to a file.
If you specify a pathname, it must be to a file that exists locally.
- Password: The password needed to access the keystore.
- Type: The appropriate keystore type.
- Location of keystore: Identifies the keystore file that contains the required certificate.
- Edit the following properties in the
SslServerRT resource template:
- Key Alias to Access Identity: Identifies the alias needed to access the certificate in the keystore.
- Key Alias Password: The password associated with this alias.
- Reinstall the KeystoreCspRI resource instance.
- Reinstall the SslServerRI resource instance.