Skip to main content
Skip table of contents

Replace the default web service SSL certificate

Overview

To replace the self-signed SSL certificate used by the Peer Management Center Web Service, you need to complete three tasks:

  1. Obtain your own certificate (with private keys) from an internal or public Certificate Authority.  
  2. Create a Java-specific keystore containing the PFX-based certificate bundle.

  3. Replace the web service's default keystore with the new custom one.

See the Step-by-step guide section for detailed instructions.

This applies to PeerGFS v5.1 and earlier.  If you are using a later version of PeerGFS, see Replace TLS certificates.

Step-by-step guide

Task 1.  Obtain your own certificate.

The certificate and keys should be bundled in a PFX file.  However, a description of the process for obtaining a certificate is outside the scope of this document.

Task 2.  Create a Java keystore with your own certificates.

You will be using Java keytool application included with your Peer Management Center installation.

  1. View the contents of the PFX file by running the following command:

    CODE
    <PMC_INSTALLATION_FOLDER>\jre\bin\keytool.exe -list -v -keystore <PFX PATH> -storetype pkcs12 

    where:
         <PMC_INSTALLATION_FOLDER> represents the root installation directory of the Peer Management Center (for example, C:\Program Files\Peer Software\Peer Management Center\).
         <PFX PATH> represents the path to your PFX file.
    Note:   If the PFX file is configured with a password, the keytool application will prompt you to enter it.

  2. Take note of the Alias name in the output of Step 1.
  3. Create a new Java-specific keystore with your PFX file by running the following command:

    CODE
    <PMC_INSTALLATION_FOLDER>\jre\bin\keytool.exe -importkeystore -deststorepass <DEST STORE PW> -destkeypass <DEST KEY PW> -destkeystore <KEYSTORE PATH> -srckeystore <PFX PATH> -srcstoretype PKCS12 -srcalias <SRC CERT ALIAS> -destalias pmcweb

    where:
         <PMC_INSTALLATION_FOLDER> is the root installation directory of the Peer Management Center (for example, C:\Program Files\Peer Software\Peer Management Center\).
         <DEST STORE PW> is the password for the output Java-specific keystore.
         <DEST KEY PW> is the encryption key used by the output Java-specific keystore.
         <KEYSTORE PATH> is the path to the output Java-specific keystore.  We recommend naming the keystore file pmcweb.ks or something similar, but the default name web.ks should not be used because the installer will overwrite it.
         <PFX PATH> is the path to your PFX file.
         <SRC CERT ALIAS>
    is the certificate alias from Step 2.
    Note:  If the PFX file is configured with a password, the keytool application will prompt you to enter it.

  4. Copy the resulting keystore file to <PMC_INSTALLATION_FOLDER>\Hub\keys in preparation for the next task.

Task 3.  Replace the web service's default keystore.

  1. Navigate to the following folder: <PMC INSTALLATION_FOLDER>\Hub\web-configuration
  2. Open the config.ini file in a text editor.
  3. In the config.ini file, find:

    CODE
    org.eclipse.equinox.http.jetty.ssl.keystore=

    This should point to the name of the Java-specific keystore file from Step 3 in the preceding task.  We recommend using the name pmcweb.ks.  The default name web.ks should not be used because the installer will overwrite it.

  4. Set it equal to:

    CODE
    keys/pmcweb.ks
  5. In this config.ini file, find:

    CODE
    org.eclipse.equinox.http.jetty.ssl.keypassword=
    org.eclipse.equinox.http.jetty.ssl.password=
  6. Set both lines equal to the <DEST KEY PW> from Step 3 in Task 1.
  7. Restart the Peer Management Center Web Service.
  8. Test accessing the web interface via HTTPS.


JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.