To use X.509 client certificates for authentication, a keystore
with CA certificates must be placed in the installation directory.
Procedure
-
If you do not yet have a keystore, follow these steps:
-
Create a keystore and import the CA certificates by executing
the following command:.
><installation dir>/jdk/bin/keytool -importcert -alias cacert -keystore <installation dir>/tomcat/certs/<keystore filename> -file <certificate filename>
CA certificates can be in either PEM format or DER format.
Example for Windows:
>
C:\spotfire\spotfireserver\<version>\jdk\bin\keytool
-importcert -alias cacert -keystore
C:\spotfire\spotfireserver\<version>\tomcat\certs\example.jks
-file cacert.cer
where "example" in
example.jks is the server hostname.
-
Repeat the previous step for each additional CA certificate.
-
When you have a keystore containing the CA certificates, copy the
keystore file to the
<installation dir>/tomcat/certs directory.
Note: The keystore
containing the CA certificates can be in either PKCS #12 or JKS format.