Page History
The IDERA Dashboard Web Application service comes with SSL TLS1.2 already set up. By default, SSL TLS works with a self-signed certificate. This certificate can be used for encryption only and does not prove the identity of the server.
That default certificate is not signed by any well-known Certification Authority (CA), and is intended only for use in testing purposes. When a user attempts to open the SSL TLS version of the IDERA Dashboard Web interface, a warning appears in the browser window.
...
Every browser comes with a pre-defined list of well-known CAs. You can find a sample list of CAs at http://www.dmoz.org/Computers/Security/Public_Key_Infrastructure/PKIX/Tools_and_Services/Third_Party_Certificate_Authorities/.
Along with the name of your organization and the name of your server, a CA-signed certificate contains the public key of the server. This public key is used by the browser to encrypt data sent to the server. There is a private key on the server. The server uses the private key to decrypt the data encrypted by the public key. The private key should be kept secure on the server to prevent unauthorized access.
For more information about public key cryptography, see
Newtab2 | ||||
---|---|---|---|---|
|
Newtab2 alias VeriSign url http://www.verisign.com/ Newtab2 alias Thawte url http://www.thawte.com/ Newtab2 alias CAcert url http://www.cacert.org/ Newtab2 alias GoDaddy url https://www.godaddy.com/ssl/ssl-certificates.aspx?ci=92420
Generating a certificate request
...
Info | ||||||
---|---|---|---|---|---|---|
You can download OpenSSL for Windows installation package from
|
- Start a Windows Command Prompt by clicking Start > Command Prompt. Alternatively, you can go to Start > Run and then type cmd without quotes and press <Enter>.
- Use
C:
and thencd\
commands to go to the root directory of the disk C, where the key and certificates are located. - Run the following commands to convert the key and the certificate from PEM to DER format.
C:\OpenSSL\bin\openssl pkcs8 -topk8 -nocrypt -in wildcard.idera.com.key -inform PEM -out wildcard.idera.com.key.der -outform DER
C:\OpenSSL\bin\openssl x509 -in wildcard.idera.com.crt -inform PEM -out wildcard.idera.com.crt.der -outform DER
- Use the
cd
command to go to the directory where the keytool is located.
cd "C:\Program Files\Idera\Dashboard\WebApplication\JRE\bin\"
- Use Internet Explorer to download the ImportKey utility.
- Point Internet Explorer to
community.igniterealtime.orgNewtab2 alias http://
. Unzip the utility toigniterealtime.jiveon.com/servlet/JiveServlet/download/196707-4718/importkey.zip url http://igniterealtime.jiveon.com/servlet/JiveServlet/download/196707-4718/importkey.zip C:\Program Files\
directory.Idera\Dashboard\WebApplication\JRE\bin\
Run the following command. It will launch the ImportKey utility and create the keystore file (default name is keystore.ImportKey) in your home directory (in Windows 2008 it is usually
C:\Users\<your username>
). The private key and the certificate will be placed there.
java ImportKey c:\wildcard.idera.com.key.der c:\wildcard.idera.com.crt.der
Info The keystore and key passwords both must be set to password.
- The following command allows you to set the password for your keystore file. The default password is importkey. Enter it when prompted, and then type the new password, which must be set to password.
keytool -storepasswd -keystore c:\Users\Administrator\keystore.ImportKey
- This command will allow you to set the password for the key file in the keystore. The default password is importkey. Enter it when prompted, and then type the new password, which must be set to password.
keytool -keypasswd -alias importkey -ketstore c:\Users\Administrator\keystore.ImportKey
- Use Internet Explorer to download the intermediate certificate chain for the Certification Authority (CA). For example, point Internet Explorer to
.Newtab2 alias https://certificates.godaddy.com/repository/sf_issuing.crt url https://certificates.godaddy.com/repository/sf_issuing.crt - Save the intermediate certificate chain to the root directory of the disk C.
Import the received trusted certificate into your keystore file.
keytool -import -alias intermed -file c:\sf_issuing.crt -keystore c:\Users\Administrator\keystore.ImportKey -trustcacerts
Info Internet Explorer may change the file extension. If the command above does not work, try
sf_issuing.cer
instead ofsf_issuing.crt
.- Open Windows Explorer. Navigate to the directory
C:\Program Files\Idera\Dashboard\WebApplication\conf
. - Rename the file
keystore
tokeystore.old
. Then rename the fileC:\Users\<your username>\keystore.ImportKey
toC:\Program Files\Idera\Dashboard\WebApplication\conf\keystore
. - Restart the IDERA Dashboard Web Application service.
...
Read more about Java keytool for Windows:
Newtab2 | ||||
---|---|---|---|---|
|
Scroll pdf ignore | ||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|
| IDERA Website | Products | Purchase | Support | Community | About Us | Resources | Legal