Getting a certificate signed by a Certificate Authority

Note: Any changes to their keystore require BVR, BRM and/or BAM to be restarted to take effect

To get a certificate signed by a Certificate Authority, you need to:

1. Create a Certificate Signing Request (CSR)
keytool -certreq -alias blueworx -keystore keystore.jks -file blueworx.csr.
2. Get the certificate signed by a Certificate Authority
Send the blueworx.csr file to the Certificate Authority
3. Ensure that Certificate Authority is trusted in the keystore and truststore
If its not already in the keystore and/or truststore then it can be added as described here Adding a Certificate Authority to a Truststore (or Keystore)
4. Import the certificate generated and supplied by the Certificate Authority (blueworx_signed.cer) using the same alias as the certificate request
keytool -import -alias blueworx -file blueworx_signed.cer -keystore keystore.jks

In the examples above the alias has been set to blueworx which is the default alias used by BVR, BRM and BAM. A different alias can be used but it must be configured using the keystore_key_alias described in Security Configuration Options, Security Configuration Options and/or Security Configuration Options

Information on Certificate Authorities can be found here

For further information on the keytool command, please refer to the Oracle keytool documentation.