Application Integration (On-Premises) : Administering the Software AG Infrastructure : Running Web Applications : Change the Default Software AG Runtime Keystore and Truststore
Change the Default Software AG Runtime Keystore and Truststore
Change the default Software AG Runtime keystore.jks and platform_truststore.jks files to a custom key pair and corresponding certificate.
Note:  
If other users have access to this certificate, they might have managing access for Software AG Runtime through JMX.
1. Go to the Software AG_directory \common\conf directory.
2. You cannot create a keystore with an existing alias (default alias is ssos). Back up the default keystore.jks and platform_truststore.jks files to another directory, and then delete the files from the conf directory.
3. In the Software AG_directory \common\conf directory, open a command window. Create the keystore by running this command:


Software AG_directory
\jvm\jvm\bin\keytool -genkeypair -alias keystore_alias
-keystore keystore_path -storepass keystore_password -validity days_count
-keypass keystore_password -keyalg key_algorithm -keysize key_size
-sigalg signing_algorithm -storetype JKS
The keytool prompts for information such as your name, company, and address.
Note:  
Due to limitation of the Software AG single sign-on system (SSOS), the -storepass and -keypass values must be identical.
4. Show the details of the keystore you created on the command window by running this command:


Software AG_directory
\jvm\jvm\bin\keytool -list -v -keystore keystore_path
-storepass keystore_password
Note the certificate information.
5. Export the certificate from the keystore you created by running this command:


Software AG_directory
\jvm\jvm\bin\keytool -exportcert -alias keystore_alias
-file certificate_path -keystore keystore_path -storepass keystore_password
-storetype JKS
6. Create a truststore by running this command:

Software AG_directory\jvm\jvm\bin\keytool -import -file certificate_path
-alias truststore_alias -keystore truststore_path
7. Show the details of the truststore you created on the command window by running this command:


Software AG_directory
\jvm\jvm\bin\keytool -list -v -keystore truststore_path
Make sure the certificate information is identical to the certificate you noted earlier in this procedure. If it is not identical, remove the keystore and truststore and start again at step 3.
8. Update your SSOS configuration. Go to the Software AG_directory \profiles\CTP\configuration\com.softwareag.platform.config.propsloader directory, open the com.softwareag.sso.pid.properties file, and update your SSOS configuration.
Variables
Description
Default Value
certificate_path
Path for generated certificate.
Software AG_directory /common/conf/default.cer
days_count
Integer value of days count of the certificate validity.
10957
key_algorithm
Algorithm for encryption of the keystore.
RSA
key_size
Keysize of the keystore keys.
2048
keystore_alias
Alias for the new keystore.
ssos
keystore_path
Path to the new keystore.
Software AG_directory /common/conf/keystore.jks
keystore_password
Password for the new keystore.
manage
signing_algorithm
Algorithm for the certificate signature.
SHA512with RSA
truststore_alias
Alias for the new truststore.
ssos
truststore_path
Path to the new truststore.
Software AG_directory /common/conf/platform_truststore.jks
your_C
CountryName
DE
your_CN
CommonName
ssos
You_L
Locality
Unknown
Your_O
Organization
sag
your_OU
OrganizationalUnit
default
your_ST
StateOrProvinceName
Unknown
9. Go to the Software AG_directory /profiles/CTP/configuration/com.softwareag.platform.config.propsloader directory. Open the com.softwareag.sso.pid.properties file and edit these properties:
com.softwareag.security.idp.truststore.location
com.softwareag.security.idp.truststore.keyalias
@secure.com.softwareag.security.idp.truststore.password
The default truststore location is @path\:sag.install.area/common/conf/ platform_truststore.jks, and the default alias and password are ssos and manage.
Copyright © 2015- 2017 Software AG, Darmstadt, Germany. (Innovation Release)

Product LogoContact Support   |   Community   |   Feedback