Skip to main content
Skip table of contents

Replace the default web service SSL certificate

Overview

To replace the self-signed SSL certificate used by the Peer Management Center Web Service, you need to complete three tasks:

  1. Obtain your own certificate (with private keys) from an internal or public Certificate Authority.  The certificate and keys should be bundled as a PFX file.  
    Note:  A description of the process of obtaining a certificate is is outside the scope of this document.

  2. Create a Java-specific keystore containing the PFX-based certificate bundle.

  3. Replace the web service's default keystore with the new custom one.

Tasks 2 and 3 are described in the Step-by-step guide section.

Step-by-step guide

Task 2.  Create a Java keystore with your own certificates.

You will be using Java keytool application included with your Peer Management Center installation.

  1. View the contents of the PFX file by running the following command:

    CODE 
    <PMC_INSTALLATION_FOLDER>\jre\bin\keytool.exe -list -v -keystore <PFX PATH> -storetype pkcs12

    where:
         <PMC_INSTALLATION_FOLDER> represents the root installation directory of the Peer Management Center (for example, C:\Program Files\Peer Software\Peer Management Center\).
         <PFX PATH> represents the path to your PFX file.
    Note:   If the PFX file is configured with a password, the keytool application will prompt you to enter it.

  2. Take note of the Alias name in the output of Step 1.

  3. Create a new Java-specific keystore with your PFX file by running the following command:

    CODE 
    <PMC_INSTALLATION_FOLDER>\jre\bin\keytool.exe -importkeystore -deststorepass <DEST STORE PW> -destkeypass <DEST KEY PW> -destkeystore <KEYSTORE PATH> -srckeystore <PFX PATH> -srcstoretype PKCS12 -srcalias <SRC CERT ALIAS> -destalias pmcweb

    where:
         <PMC_INSTALLATION_FOLDER> is the root installation directory of the Peer Management Center (for example, C:\Program Files\Peer Software\Peer Management Center\).
         <DEST STORE PW> is the password for the output Java-specific keystore.
         <DEST KEY PW> is the encryption key used by the output Java-specific keystore.
         <KEYSTORE PATH> is the path to the output Java-specific keystore.  We recommend naming the keystore file pmcweb.ks or something similar, but the default name web.ks should not be used because the installer will overwrite it.
         <PFX PATH> is the path to your PFX file.
         <SRC CERT ALIAS>     is the certificate alias from Step 2.
    Note:  If the PFX file is configured with a password, the keytool application will prompt you to enter it.

  4. Copy the resulting keystore file to <PMC_INSTALLATION_FOLDER>\Hub\keys in preparation for the next task.

Task 3.  Replace the web service's default keystore.

  1. Navigate to the following folder: <PMC INSTALLATION_FOLDER>\Hub\web-configuration
  2. Open the config.ini file in a text editor.

  3. In the config.ini file, find:

    CODE 
    org.eclipse.equinox.http.jetty.ssl.keystore=

    This should point to the name of the Java-specific keystore file from Step 3 in the preceding task.  We recommend using the name pmcweb.ks.  The default name web.ks should not be used because the installer will overwrite it.

  4. Set it equal to:

    CODE 
    keys/pmcweb.ks

  5. In this config.ini file, find:

    CODE 
    org.eclipse.equinox.http.jetty.ssl.keypassword=
org.eclipse.equinox.http.jetty.ssl.password=
  6. Set both lines equal to the <DEST KEY PW> from Step 3 in Task 1.
  7. Restart the Peer Management Center Web Service.
  8. Test accessing the web interface via HTTPS.


JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.

Contact Support Close