Note: Any changes to their keystore require BVR, BRM, BAM and/or BSM to be restarted to take effect
To get a certificate signed by a Certificate Authority, you need to:
- 1. Create a Certificate Signing Request (CSR)
- bvr_keytool -certreq -alias blueworx -keystore keystore.jks -file blueworx.csr.
- 2. Get the certificate signed by a Certificate Authority
- Send the blueworx.csr file to the Certificate Authority
- 3. Ensure that Certificate Authority is trusted in the keystore and truststore
- If its not already in the keystore and/or truststore then it can be added as described here Adding a Certificate Authority to a Truststore (or Keystore)
- 4. Import the certificate generated and supplied by the Certificate Authority (blueworx_signed.cer) using the same
alias as the certificate request
- bvr_keytool -import -alias blueworx -file blueworx_signed.cer -keystore keystore.jks
In the examples above the alias has been set to blueworx which is the default alias used by BVR, BRM, BAM and BSM.
A different alias can be used but it must be configured using the keystore_key_alias described in Security Configuration Options, Security Configuration Options, Security Configuration Options
and/or BSM Security Configuration Options
Information on Certificate Authorities can be found here https://en.wikipedia.org/wiki/Certificate_authority
For further information on the bvr_keytool command, please refer to the Oracle keytool
documentation. https://docs.oracle.com/javase/8/docs/technotes/tools/unix/keytool.html