Generating ECF Java Keystore

Note:

This procedure uses the default certificate file ecfs_keystore and the default alias ecf_server. If you use some other names, make sure you enter them in IA:

  • Certificate file: Infrastructure Administrator > ECF Web Server > Java Keystore Settings > Certificate File for NIO Connector

  • Alias: Infrastructure Administrator > ECF Web Server > Keystore Settings > Certificate Name for HTTPS

  1. Open a Command Prompt window: Start > Run and then run the command cmd.

  2. Run mmc.

  3. Choose File > Add/Remove Snap-in…

    The Add or Remove Snap-in window opens.

  4. Choose Certificates and click Add.

    A wizard opens.

  5. Select Computer account and click Next.

  6. Select Local computer: (the computer this console is running on) and click Finish.

  7. Click OK.

  8. Right-click the IP/FQDN of the server for which you created the certificate and choose All Tasks > Export.

    The Certificate Export Wizard window opens.

  9. Click Next.

  10. Select Yes, export the private key and click Next.

  11. Select Personal Information Exchange - PKCS #12 (.PFX) and Include all certificates in the certification path if possible and then click Next.

  12. Create a password, enter it and click Next. Use this same password for Keystore created below, othervice ECF Web Server / Tomcat cannot open the certificate. Both passwords are using the value of Certificate Key File Password for NIO Connector parameter of ECF Web Server package in IA.

  13. Choose the place where you save the file and enter the file name ecfcert.pfx and click Next.

  14. Click Finish.

  15. Go to Command Prompt to generate the file and run the following command:

    keytool -importkeystore -srckeystore ecfcert.pfx -srcstoretype pkcs12 -destkeystore ecfs_keystore -deststoretype JKS

  16. To change the alias created by the keytool, do the following:

    1. Get the current alias by running the following command:

      keytool -list -keystore ecfs_keystore

    2. Copy the alias from the list and place it in the command below.

    3. To replace the alias, run the following command:

      keytool -changealias -alias "[copy the alias here]" -destalias "ecf_server" -keystore ecfs_keystore

When you have installed the ECF packages, create a folder called ecf in the root directory of the ECF virtual unit and place ecfs_keystore there.