Software AG Infrastructure 10.11 | Running Web Applications | Changing the Default Software AG Runtime Keystore and Truststore
 
Changing the Default Software AG Runtime Keystore and Truststore
Software AG Runtime uses a default keystore and truststore located in the Software AG_directory\common\conf directory. You can use the default keystore.jks and platform_truststore.jks files to test Secure Sockets Layer (SSL) communication in a development or test environment.
Important:
Software AG strongly recommends changing the default keystore and truststore files to a custom key pair and corresponding certificate in a production environment.
For detailed information about creating keystores and truststores, importing keys and certificates into keystores and truststores, and other operations with these files, see the documentation of your Java certificate management tool.
To change the default keystore and truststore:
1. Go to the Software AG_directory\common\conf directory.
2. Back up the default keystore.jks and platform_truststore.jks files to another directory, and then delete the files from the conf directory.
3. In the Software AG_directory\common\conf directory, open a command window and create a keystore by running this command:

Software_AG_directory\jvm\jvm\bin\keytool -genkeypair -alias keystore_alias
-keystore keystore_path -storepass keystore_password -validity days_count
-keypass keystore_password -keyalg key_algorithm -keysize key_size
-sigalg signing_algorithm -storetype JKS
where
* keystore_alias is the alias for the new keystore.
* keystore_path is the path to the new keystore.
* keystore_password is the password for the new keystore.
* days_count is the number of days, as an integer, for which the certificate is valid.
* key_algorithm is the algorithm used to generate the keys in the keystore.
* key_size is the size of the keys in the keystore.
* signing_algorithm is the algorithm for the certificate signature.
The keytool prompts for information such as your name, company, and address.
4. Verify the details of the keystore you created by running this command:

Software_AG_directory\jvm\jvm\bin\keytool -list -v -keystore keystore_path
-storepass keystore_password
where
* keystore_path is the path to the new keystore.
* keystore_password is the password for the new keystore.
5. Export the certificate to a file from the new keystore you created by running this command:

Software_AG_directory\jvm\jvm\bin\keytool -exportcert -alias keystore_alias
-file certificate_path -keystore keystore_path -storepass keystore_password
-storetype JKS
where
* keystore_alias is the alias for the keystore.
* certificate_path is the path to the generated certificate.
* keystore_path is the path to the keystore.
* keystore_password is the password for the keystore.
6. Create a truststore by running this command:

Software_AG_directory\jvm\jvm\bin\keytool -import -file certificate_path
-alias truststore_alias -keystore truststore_path
where
* certificate_path is the path to the generated certificate.
* truststore_alias is the alias for the new truststore.
* truststore_path is the path to the new truststore.
7. Verify the details of the truststore you created by running this command:

Software_AG_directory\jvm\jvm\bin\keytool -list -v -keystore truststore_path
where truststore_path is the path to the new truststore.
8. Update your SSO configuration as described in Updating the Single Sign-On System for Your Product.
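
An added example, not part of the Software AG documentation: a Python check over the saved output of the keytool -list -v commands from steps 4 and 7. It confirms that the certificate exported in step 5 is the one trusted in step 6, and flags weak key or signature parameters. The policy thresholds, function names, aliases and sample listings are assumptions constructed for illustration.

```python
import re

WEAK_SIG = re.compile(r"(MD2|MD5|SHA1)with", re.I)  # assumed policy, not from the page
MIN_RSA_BITS = 2048                                  # assumed policy, not from the page

def parse_listing(text):
    """Return one dict per entry found in `keytool -list -v` output."""
    entries = []
    for block in re.split(r"(?m)^Alias name: ", text)[1:]:
        def field(pattern):
            m = re.search(pattern, block, re.M)
            return m.group(1) if m else None
        size = re.search(r"^Subject Public Key Algorithm: (\d+)-bit (\w+)", block, re.M)
        entries.append({
            "alias": block.splitlines()[0].strip(),
            "type": field(r"^Entry type: (\w+)"),
            "sha256": field(r"^\s*SHA-?256: ([0-9A-F:]+)"),
            "sigalg": field(r"^Signature algorithm name: (\S+)"),
            "key": (int(size.group(1)), size.group(2)) if size else None,
        })
    return entries

def review(keystore_text, truststore_text):
    """Compare the step 4 listing with the step 7 listing; return findings."""
    trusted = {e["sha256"] for e in parse_listing(truststore_text)
               if e["type"] == "trustedCertEntry"}
    findings = []
    for e in parse_listing(keystore_text):
        if e["type"] != "PrivateKeyEntry":
            continue
        if e["sigalg"] and WEAK_SIG.match(e["sigalg"]):
            findings.append(f"{e['alias']}: weak signature algorithm {e['sigalg']}")
        if e["key"] and e["key"][1] == "RSA" and e["key"][0] < MIN_RSA_BITS:
            findings.append(f"{e['alias']}: RSA key is only {e['key'][0]} bits")
        if e["sha256"] not in trusted:
            findings.append(f"{e['alias']}: certificate is not in the truststore")
    return findings

# Constructed sample listings, trimmed to the fields the checks read.
FP = ":".join(["3A"] * 32)

def sample(alias, kind, fp, sigalg, bits):
    return (f"Alias name: {alias}\nEntry type: {kind}\nCertificate fingerprints:\n"
            f"\t SHA256: {fp}\nSignature algorithm name: {sigalg}\n"
            f"Subject Public Key Algorithm: {bits}-bit RSA key\n")

GOOD_KS = sample("sagkey", "PrivateKeyEntry", FP, "SHA256withRSA", 2048)
GOOD_TS = sample("sagcert", "trustedCertEntry", FP, "SHA256withRSA", 2048)
WEAK_KS = sample("oldkey", "PrivateKeyEntry", FP.replace("3A", "7C"), "SHA1withRSA", 1024)
```

To use it on real files, redirect the output of each keytool -list -v command to a text file and pass the two file contents to review(). Older keytool versions that omit the "Subject Public Key Algorithm" line simply skip the key-size check.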