Software AG Common Platform provides a single sign-on service with a predefined keystore (keystore.jks) and truststore (platform_truststore.jks). These stores contain the default keys used for issuing and validating signed SAML assertions. You can create and modify these stores and their certificates using the certtool tool provided by Software AG Security Infrastructure.
The certtool tool is located in the Software AG_directory\common\bin folder. It is a wrapper around the Java keytool and applies default options wherever the user does not provide custom input.
To use the certtool tool:
1. In a command prompt, change to the Software AG_directory\common\bin directory. The tool cannot be started from any other location on the file system. Depending on the operating system, start it with one of the following files:
   Windows: certtool.bat
   UNIX: ./certtool.sh
2. To generate a key pair, type the following command:
   certtool.bat/sh -generate
   You are prompted for a common name (CN) for the certificate. The keystore and the exported .cer file are written to the location specified by the DEFAULT_PATH option.
3. To add the newly generated .cer file to the truststore, type the following command:
   certtool.bat/sh -add
   Follow the prompts. The certificate is added to the truststore specified by the TRUSTSTORE_FILE option.
4. To list the keystore contents, type the following command:
   certtool.bat/sh -listkeystore
   Follow the prompts. The keystore contents are listed in the command prompt.
5. To list the truststore contents, type the following command:
   certtool.bat/sh -listtruststore
   Follow the prompts. The truststore contents are listed in the command prompt.
6. To delete a certificate from the truststore, type the following command:
   certtool.bat/sh -delete
   You are prompted for the alias of the certificate to be deleted.
Below is the list of commands available in the certtool.bat/sh file:

Argument | Description
---|---
-listkeystore | Lists the certificates currently located in the keystore. The default keystore file is "default.jks" with the default password "manage".
-listtruststore | Lists the certificates currently located in the truststore. The default truststore file is "default_truststore.jks" with the default password "manage".
-add | Adds a trusted certificate to the truststore. The "default_truststore.jks" truststore is used if no other truststore is specified.
-delete | Deletes a trusted certificate from the truststore.
-generate | Generates a key pair and exports the public certificate as a .cer file.
-usage | Prints the available commands.

Note that these default file names differ from the single sign-on stores named at the top of this page (keystore.jks and platform_truststore.jks). To work on those stores rather than on freshly created ones, set the KEYSTORE_FILE and TRUSTSTORE_FILE options accordingly.
Below is a list of options available in the certtool.bat/sh file.

Caution: All options in the table below have default values assigned to them. Modify them with extreme caution. The shipped defaults (the store password "manage" and a 1024-bit RSA key) are suitable for a test installation only; a production SAML signing key should use a 2048-bit or larger key, a SHA-2 based signature algorithm and non-default store passwords.

Option | Description
---|---
DEFAULT_PATH | Default path where the certificate stores are created, for example C:\Software AG\common\conf. The value is set automatically when you install the certtool using the Software AG Installer.
KEYTOOL_PATH | Path to the Java keytool of the Software AG JVM, for example C:\Software AG\jvm\jvm170_32\bin\keytool. The value is set automatically when you install the certtool using the Software AG Installer.
KEYSTORE_KEY_ALIAS | Alias of the key pair in the keystore. Default value is "default". This value is used if no other alias is specified.
KEYSTORE_FILE | Name and location of the keystore. If no other value is specified, certtool creates a keystore named "default.jks" in C:\Software AG\common\conf.
KEYSTORE_TYPE | The type of the keystore. Default value is "JKS".
KEYSTORE_PASSWORD | The password for the keystore. Default value is "manage".
TRUSTED_CERT_ALIAS | Alias under which a certificate is stored in the truststore. Default value is "default". This value is used if no other alias is specified.
TRUSTSTORE_FILE | Name and location of the truststore. If no other value is specified, certtool creates a truststore named "default_truststore.jks" in C:\Software AG\common\conf.
TRUSTSTORE_TYPE | The type of the truststore. Default value is "JKS".
TRUSTSTORE_PASSWORD | The password for the truststore. Default value is "manage".
X509_FILE | Name and location of the certificate file exported by -generate and imported by -add. If no other value is specified, certtool writes a certificate named "default.cer" in C:\Software AG\common\conf.
VALIDITY | The validity of the certificate in days. Default value is "1826".
KEY_ALGORITHM | The algorithm used to generate the key pair. Default value is "RSA".
SIG_ALGORITHM | The algorithm used to sign the self-signed certificate. This algorithm must be compatible with For example, if the private key is of type
KEY_SIZE | The size in bits of each key to be generated. Default value is "1024".