Generate and sign an SSL keystore

To secure RMI communication in PPM through SSL, you need to create a keystore. Use the Java keytool to set up and manage your own keystore. Detailed information on this topic is available in the keytool documentation "Keytool - Key and Certificate Management Tool" (http://docs.oracle.com/javase/7/docs/technotes/tools/windows/keytool.html).

Procedure

  1. Use the keytool to create a keystore with the following parameters.

    keytool

    -keystore ppm_keystore

    -alias ppm

    -keypass changeit

    -storepass changeit

    -genkey

    -v

    -keyalg RSA

    -dname "CN=PPM Admin , OU=PPM , O=SAG , L= Saarbruecken , S=SAL , C=DE"

  2. Use the keytool to create the Certificate Signing Request with the following parameters.

    keytool

    -certreq

    -alias server

    -file ppm_keystore.csr

    -keystore ppm_keystore

    The program generates two files: a key (extension: .key) and the actual certificate request (extension: .csr).

  3. Submit the content of the file with the .csr extension to a certification authority.

    It will sign the certificate with a valid root certificate that is usually acknowledged by all browsers and the default Java Runtime Environments.

  4. Use the keytool to import the signed certificate into your keystore.

    keytool

    -import

    -trustcacerts

    -alias server

    -file <FileName>

    -keystore ppm_keystore

The file ppm_keystore can now be used for SSL encryption in PPM.