Change the Default Software AG Runtime Keystore and Truststore
Change the default Software AG Runtime keystore.jks and platform_truststore.jks files to a custom key pair and corresponding certificate.
Note: If other users have access to this certificate, they might have management access to Software AG Runtime through JMX.
1. Go to the Software AG_directory\common\conf directory.
2. You cannot create a keystore with an existing alias (default alias is ssos). Back up the default keystore.jks and platform_truststore.jks files to another directory, and then delete the files from the conf directory.
3. In the Software AG_directory\common\conf directory, open a command window. Create the keystore by running this command:
Software AG_directory\jvm\jvm\bin\keytool -genkeypair -alias keystore_alias
-keystore keystore_path -storepass keystore_password -validity days_count
-keypass keystore_password -keyalg key_algorithm -keysize key_size
-sigalg signing_algorithm -storetype JKS
The keytool prompts for information such as your name, company, and address.
Note: Due to a limitation of the Software AG single sign-on system (SSOS), the -storepass and -keypass values must be identical.
4. In the command window, show the details of the keystore you created by running this command:
Software AG_directory\jvm\jvm\bin\keytool -list -v -keystore keystore_path
-storepass keystore_password
Note the certificate information.
5. Export the certificate from the keystore you created by running this command:
Software AG_directory\jvm\jvm\bin\keytool -exportcert -alias keystore_alias
-file certificate_path -keystore keystore_path -storepass keystore_password
-storetype JKS
6. Create a truststore by running this command:
Software AG_directory\jvm\jvm\bin\keytool -import -file certificate_path
-alias truststore_alias -keystore truststore_path
7. In the command window, show the details of the truststore you created by running this command:
Software AG_directory\jvm\jvm\bin\keytool -list -v -keystore truststore_path
Make sure the certificate information is identical to the certificate you noted earlier in this procedure. If it is not identical, remove the keystore and truststore and start again at step 3.
8. Update your SSOS configuration. Go to the Software AG_directory\profiles\CTP\configuration\com.softwareag.platform.config.propsloader directory, open the com.softwareag.sso.pid.properties file, and update your SSOS configuration.
Variables | Description | Default Value
certificate_path | Path for generated certificate. | Software AG_directory/common/conf/default.cer
days_count | Integer value of days count of the certificate validity. | 10957
key_algorithm | Algorithm for encryption of the keystore. | RSA
key_size | Keysize of the keystore keys. | 2048
keystore_alias | Alias for the new keystore. | ssos
keystore_path | Path to the new keystore. | Software AG_directory/common/conf/keystore.jks
keystore_password | Password for the new keystore. | manage
signing_algorithm | Algorithm for the certificate signature. | SHA512withRSA
truststore_alias | Alias for the new truststore. | ssos
truststore_path | Path to the new truststore. | Software AG_directory/common/conf/platform_truststore.jks
your_C | CountryName | DE
your_CN | CommonName | ssos
your_L | Locality | Unknown
your_O | Organization | sag
your_OU | OrganizationalUnit | default
your_ST | StateOrProvinceName | Unknown
9. Go to the Software AG_directory/profiles/CTP/configuration/com.softwareag.platform.config.propsloader directory. Open the com.softwareag.sso.pid.properties file and edit these properties:
com.softwareag.security.idp.truststore.location
com.softwareag.security.idp.truststore.keyalias
@secure.com.softwareag.security.idp.truststore.password
The default truststore location is @path\:sag.install.area/common/conf/platform_truststore.jks, and the default alias and password are ssos and manage.
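The comparison in step 7, as an added example that is not part of the Software AG documentation: a Python check that parses the text printed by keytool -list -v for the keystore and for the truststore and reports which certificate fields differ. The sample listings are constructed, and the labels it matches (Alias name, Owner, Serial number, SHA256) are assumed to follow the usual JDK keytool output, which varies slightly between JDK versions.

```python
import re

# Fields of `keytool -list -v` output that step 7 compares (labels are assumed).
FIELDS = {
    "owner": re.compile(r"^Owner:\s*(.+)$"),
    "serial": re.compile(r"^Serial number:\s*(\S+)$"),
    "sha256": re.compile(r"^\s*SHA-?256:\s*([0-9A-Fa-f:]+)\s*$"),
}
ALIAS = re.compile(r"^Alias name:\s*(.+)$")

def parse_keytool_listing(text):
    """Return {alias: {field: value}} using the first certificate of each entry."""
    entries, current = {}, None
    for line in text.splitlines():
        alias = ALIAS.match(line)
        if alias:
            current = entries.setdefault(alias.group(1).strip(), {})
            continue
        for name, pattern in FIELDS.items():
            found = pattern.match(line)
            # Keep only the first match per field so the rest of a chain is ignored.
            if found and current is not None and name not in current:
                current[name] = found.group(1).strip().lower()
    return entries

def certificate_mismatches(keystore_text, keystore_alias, truststore_text, truststore_alias):
    """Return the fields that differ; an empty list means the certificates match."""
    ks = parse_keytool_listing(keystore_text).get(keystore_alias)
    ts = parse_keytool_listing(truststore_text).get(truststore_alias)
    if ks is None or ts is None:
        return ["alias not found"]
    return [f for f in FIELDS if f not in ks or ks[f] != ts.get(f)]

# Constructed sample listings (fingerprint shortened for readability).
KEYSTORE_LISTING = """Alias name: ssos
Entry type: PrivateKeyEntry
Certificate[1]:
Owner: CN=ssos, OU=default, O=sag, L=Unknown, ST=Unknown, C=DE
Serial number: 1a2b3c4d
Certificate fingerprints:
\t SHA256: 0A:1B:2C:3D:4E:5F:60:71
"""
TRUSTSTORE_LISTING = KEYSTORE_LISTING.replace("PrivateKeyEntry", "trustedCertEntry")
# A truststore left over from an earlier attempt: different serial and fingerprint.
STALE_TRUSTSTORE = TRUSTSTORE_LISTING.replace("0A:1B", "FF:EE").replace("1a2b3c4d", "99887766")

if __name__ == "__main__":
    print(certificate_mismatches(KEYSTORE_LISTING, "ssos", TRUSTSTORE_LISTING, "ssos"))
    print(certificate_mismatches(KEYSTORE_LISTING, "ssos", STALE_TRUSTSTORE, "ssos"))
```

A non-empty result corresponds to the case in step 7 where the keystore and truststore are removed and the procedure restarts at step 3.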