Example - How to Obtain a third-party SSL Certificate and install into your Server and Studio Truststore?
For the purposes of illustration, we will assume the following:
Your certificate provider sends you a certificate chain comprised of three certificates:
1. clu_win64.com.cer
2. sub1.clu_win64.com_clu_win64.com_.cer
3. sub2.clu_win64.com_sub1.clu_win64.com_.cer
You are using a keystore file named 'root.jks' to store the Private Key.
Your TDV server is running at localhost:9400 and is installed in the folder C:\apps\tdv.
 
Follow the steps below to obtain an SSL certificate and connect to Studio:
1. Create a Private key:
C:\apps\tdv\jdk\bin\keytool -genkey -alias AliasForMyCertificates -keyalg RSA -keystore KeyStoreForMyCertificates.jks -keysize 2048
2. Use the Private key to create a CSR request (i.e. a file to Request a New Certificate):
C:\apps\tdv\jdk\bin\keytool -certreq -alias AliasForMyCertificates -keystore KeyStoreForMyCertificates.jks -file RequestTheCertificate.csr
 
3. To get an SSL certificate, submit the CSR file to a certificate provider (e.g. Verisign or Thawte).
The Certificate provider will respond by sending back a Private key file (e.g. root.jks). It is strongly recommended to have the provider send it as a JKS file, as this is the format that TDV expects. You can verify that the file contains a Private key by using keytool to search for a "PrivateKeyEntry" as below:
C:\apps\tdv\jdk\bin\keytool -list -v -keystore root.jks -storepass changeit
 
Alias name: clu_win64.com
Creation date: Jun 18, 2017
Entry type: PrivateKeyEntry
 
4. Copy root.jks to C:\apps\tdv\conf\server\security
 
5. Open Studio and set these 2 configuration settings:
Server >> Communications >> Keystore Key Alias (On Server Restart) = clu_win64.com
Server >> Communications >> Keystore File Location (On Server Restart) = C:/apps/tdv/conf/server/security/root.jks
 
6. Open a browser, connect to TDV and view the certificate details in the browser. You should see the new certificate (i.e. clu_win64.com).
 
7. Open Studio, click the "Encrypt" checkbox, and attempt to connect. As the certificates are not yet in the Studio truststore, an error dialog will pop up stating that there is an RMI exception. This will be accompanied by a "PKIX path building" error in the cs_studio.log. This error is expected. It verifies that TDV is using the certificate to open an SSL connection with the client (in this case, Studio).
 
8. Import the certificates into the Studio truststore as below:
cd C:\apps\tdv\conf\studio\security
 
C:\apps\tdv\jdk\bin\keytool -import -alias firstalias -file C:\apps\cert\clu_win64.com.cer -keystore cis_studio_truststore.jks -storepass changeit
 
C:\apps\tdv\jdk\bin\keytool -import -alias secondalias -file C:\apps\cert\sub1.clu_win64.com_clu_win64.com_.cer -keystore cis_studio_truststore.jks -storepass changeit
 
C:\apps\tdv\jdk\bin\keytool -import -alias thirdalias -file C:\apps\cert_test_for_CIS-66774\sub2.clu_win64.com_sub1.clu_win64.com_.cer -keystore cis_studio_truststore.jks -storepass changeit
 
9. Shut down and re-open Studio, click the "Encrypt" checkbox and attempt to connect once more. This time, Studio should connect.
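 
The PrivateKeyEntry check in step 3 and the Keystore Key Alias set in step 5 can be verified together by parsing the keytool -list -v output before restarting the server. The Python script below is an added example, not part of the TDV documentation: the function names and the sample listing are constructed for illustration, and the expected chain length of 3 comes from the three-certificate chain assumed at the top of this page.

```python
import re

# Constructed sample of `keytool -list -v` output (not captured from a real keystore).
SAMPLE = """\
Your keystore contains 2 entries

Alias name: clu_win64.com
Creation date: Jun 18, 2017
Entry type: PrivateKeyEntry
Certificate chain length: 3
Certificate[1]:
Owner: CN=constructed-leaf

*******************************************

Alias name: firstalias
Creation date: Jun 18, 2017
Entry type: trustedCertEntry
"""

FIELD = re.compile(r"^(Alias name|Entry type|Certificate chain length):\s*(.+?)\s*$")

def parse_entries(listing):
    """Return {alias: {"type": str, "chain": int}} from keytool -list -v text."""
    entries, current = {}, None
    for line in listing.splitlines():
        m = FIELD.match(line)
        if not m:
            continue
        key, value = m.groups()
        if key == "Alias name":
            # JKS aliases are case-insensitive, so compare them lowercased.
            current = entries.setdefault(value.lower(), {"type": None, "chain": 0})
        elif current is not None and key == "Entry type":
            current["type"] = value
        elif current is not None:
            current["chain"] = int(value)
    return entries

def check_server_alias(listing, alias, expected_chain=None):
    """Return a list of problems with using `alias` as the Keystore Key Alias."""
    entry = parse_entries(listing).get(alias.lower())
    if entry is None:
        return [f"alias {alias!r} not found in keystore"]
    if entry["type"] != "PrivateKeyEntry":
        return [f"alias {alias!r} is {entry['type']}, not PrivateKeyEntry"]
    if expected_chain and entry["chain"] != expected_chain:
        return [f"chain length {entry['chain']}, expected {expected_chain}"]
    return []
```

To run it against the real keystore, pass the captured text of the step 3 keytool command to check_server_alias together with the alias entered in Studio; an empty list means the alias points at a private key entry with the expected chain.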