Saturday, 1 April 2017

Workforce 17.x Certificate Installation Procedure.

1) Create the key pair for the certificate request (keytool prompts for the subject fields listed below)

keytool -genkeypair -v -alias '<hostname>' -keyalg 'RSA' -keysize 2048 -validity 1825 -keystore '/u01/wforce/TST/17.0/workforce.keystore' -storepass <password>

CN = <hostname> -> use the servername as CN (important)
OU = OrgUnit
O = Org
L = Altamonte
S = Florida
C = US

2) Generate a new CSR
keytool -certreq -alias '<hostname>' -keystore '/u01/wforce/TST/17.0/workforce.keystore' -storepass <password>

-----BEGIN NEW CERTIFICATE REQUEST-----

4Q3Jxb63U9VMpqjGwU54o1cX6sJOpWgpxT5cpgP9tkf8ovV0jmvE3XhGztG1qDlYyov2J8/fMySJ
EUkC8nIKJHV9O/yM0jHZnhpjn1b+dwq8lE92sGz1DDNBDFJp73tnV3OgqOIn12wTro70wpHrao/h
t5LrmRfngtvt+6Bpsa/V7KOpCTXyYKe/OLcYB5r4OsliPUoNijXoIO+018U/3GwW7KP+NYc=
-----END NEW CERTIFICATE REQUEST-----

Once you have this CSR, save it in Notepad and submit it for signing (create a Service Request).

3) Import the intermediate certificates that are mandatory for your organization

keytool -importcert -alias 'ahsca' -keystore '/u01/wforce/TST/17.0/workforce.keystore' -storepass <password> -file '/u01/wforce/TST/17.0/newAffirmTrust_OV1.cer'
keytool -importcert -alias 'AffirmTrustOV1' -keystore '/u01/wforce/TST/17.0/workforce.keystore' -storepass <password> -file '/u01/wforce/TST/17.0/newAffirmTrust_OV1.cer'

4) Once you have the signed certificate for the request from Step 2, use the following command to import it into the keystore

keytool -importcert -alias '<hostname>' -keystore '/u01/wforce/TST/17.0/workforce.keystore' -storepass <password> -file '/u01/wforce/TST/17.0/<hostname>.p7b'

5) Once the signed certificate is imported, use the following command to convert the keystore entry to PKCS12 format, since Workforce needs it in this format

keytool -importkeystore -srckeystore '/u01/wforce/TST/17.0/workforce.keystore' -destkeystore '/u01/wforce/TST/17.0/<hostname>.p12' -srcstoretype JKS -deststoretype PKCS12 -srcalias '<hostname>' -srcstorepass <password> -srckeypass <password> -deststorepass <password>

6) Use the ant command to import the certificate back into the keystore

./ant importTomcatCertificate -Dcertificate.file=/u01/wforce/TST/17.0/<hostname>.p12 -Dcertificate.pass=<password> -Dkeystore.alias=<hostname>


7) Important step: check the connector settings in server.xml and make sure keyAlias is set to <hostname>

cat /u01/wforce/TST/17.0/catalina_base/conf/server.xml |grep keyAlias -A2 -B2

     keystoreFile="/u01/wforce/TST/17.0/workforce.keystore"
     keystorePass="<password>" algorithm="SunX509"
     keyAlias="<hostname>"                         <---- Change to <hostname> as shown
     compression="on"
     compressionMinSize="2048"

8) Restart the Empcenter services

/u01/wforce/TST/17.0/wfsctl restart
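
An added example, not part of the original procedure or of the Workforce tooling: two shell checks to run after steps 4 to 7, confirming that the key entry now carries a CA-signed chain and that the keyAlias in server.xml points at it. The aliases and the sample listing are constructed; the field names parsed are those printed by keytool -list -v.

```shell
#!/bin/sh
# Added example (not from the original post): checks to run after steps 4-7.
# Real use; omitting -storepass makes keytool prompt instead of exposing
# the password in the process list and shell history:
#   keytool -list -v -keystore /u01/wforce/TST/17.0/workforce.keystore | check_entry '<hostname>'
#   connector_alias < /u01/wforce/TST/17.0/catalina_base/conf/server.xml

# Reads `keytool -list -v` output on stdin and judges alias $1.
# JKS aliases are case-insensitive, so the comparison is too.
check_entry() {
    awk -v want="$1" '
        /^Alias name: / { cur = tolower(substr($0, 13)) }
        cur == tolower(want) && /^Entry type: / { type = $3 }
        cur == tolower(want) && /^Certificate chain length: / { len = $4 }
        END {
            if (type == "") { print "MISSING"; exit 2 }
            if (type != "PrivateKeyEntry") { print "NOT_A_KEY_ENTRY"; exit 3 }
            # Length 1 = still the self-signed cert from step 1; CA reply not installed.
            if (len + 0 < 2) { print "SELF_SIGNED_ONLY"; exit 4 }
            print "OK chain=" len
        }'
}

# Prints the first keyAlias value found in server.xml text on stdin.
connector_alias() {
    sed -n 's/.*keyAlias="\([^"]*\)".*/\1/p' | head -n 1
}

# Constructed sample of `keytool -list -v` output (hypothetical aliases).
sample_listing() {
    cat <<'EOF'
Alias name: affirmtrustov1
Entry type: trustedCertEntry
*******************************************
Alias name: app01.example.test
Entry type: PrivateKeyEntry
Certificate chain length: 3
*******************************************
Alias name: freshkey
Entry type: PrivateKeyEntry
Certificate chain length: 1
EOF
}

sample_listing | check_entry 'APP01.example.test'    # prints: OK chain=3
printf '  keyAlias="app01.example.test"\n' | connector_alias
```

The alias printed by connector_alias should be the same one that check_entry reports as OK; a SELF_SIGNED_ONLY result means the signed reply from step 4 never replaced the certificate generated in step 1.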


