Create SSL Certificate for Application Web Server
1. Log into the Web server
2. Create an SSL certificate directory as D:\SSL
3. Open a command window and navigate to the current JRE version’s bin directory by executing the following command:
CD %JAVA_HOME%/bin
4. From the command prompt, generate a keystore as follows (password changeit can be also trackwise8 or TWC_admin or TWS_admin):
keytool -genkey -keyalg RSA -alias tomcat -keystore D:\SSL\keystore.db -storepass changeit
Provide the following parameters:
a. First & Last name: SERVERNAME801.aws.companyName.com
b. Name of Organizational Unit: Global IT, CPLM, SERVERNAME801
c. Name of Organization: CompanyName
d. Name of City: Address
e. Name of State: State
f. Name of Country Code: US
g. Answer yes to confirm values above
h. Enter Password: changeit and re-enter it again
5. From the command prompt, generate a certificate request as follows:
keytool -certreq -alias tomcat -keyalg RSA -file D:\SSL\certreq.csr -keystore D:\SSL\keystore.db -storepass changeit
6. From your desktop computer, open a Web Browser and navigate to the following URL:
http://usdfiss002.global.company.com/certsrv/
7. Click on the “Request a Certificate” link, then click on the “Submit a certificate request by using a base-64-encoded CMC or PKCS #10 file, or submit a renewal request by using a base-64-encoded PKCS #7 file.” link
8. Copy the text from the certreq.csr file from step 5 into the “Base-64-encoded certificate request (CMC or PKCS #10 or PKCS #7):” textbox including all comments
9. Select “CompanyWeb Server SHA2” from the Certificate Template selection list
10. Click Submit
11. Select the “Base 64 encoded” option button and then click the "Download certificate chain” link
12. Copy the downloaded file to the target server’s D:\SSL directory
13. Double Click the certnew.p7b file
14. Navigate to the Certificates node and double click on the “Company Root CA SHA2” certificate
15. From the new Certificate window go to the Details tab and click Copy to File button
16. On the Certificate Export Wizard, select Next, then select “Base-64 encoded X.509 (.CER)
17. Select Next, and add the following value:
D:\SSL\root.cer
18. Select Next, then Finish
19. From the open command prompt, import the root certificate to the keystore:
keytool -import -alias root -keystore D:\SSL\keystore.db -trustcacerts -file D:\SSL\root.cer -storepass changeit
Answer yes to trust certificate
20. From the open command prompt, import the certificate to the keystore:
keytool -import -alias tomcat -keystore D:\SSL\keystore.db -trustcacerts -file D:\SSL\certnew.p7b -storepass changeit
21. From the open command prompt, import the certificate to the keystore:
keytool -import -file D:\SSL\root.cer -keystore D:\SSL\jssecacerts -storepass changeit
Answer yes to trust certificate
22. Copy the jssecacerts certificate from the D:\SSL directory to the following java directory:
%JAVA_HOME%/jre/lib/security
23. Update Apache\Tomcat-Web\conf\server.xml and restart Tomcat Apache service
Create SSL Certificate for 901 Web Service Server
1. Log into the Web Service server
2. Create an SSL certificate directory as D:\SSL
3. Open a command window and navigate to the current JRE version’s bin directory by executing the following command:
CD %JAVA_HOME%/bin
4. From the command prompt, generate a keystore as follows (password changeit can be also trackwise8 or TWC_admin or TWS_admin):
keytool -genkey -keyalg RSA -alias tomcat -keystore D:\SSL\keystore.db -storepass changeit
Provide the following parameters:
a. First & Last name: ServeerName901.aws.company.com
b. Name of Organizational Unit: Global IT, CPLM, ServeerName901
c. Name of Organization: Company
d. Name of City: CompanyAddress
e. Name of State: IlState
f. Name of Country Code: US
g. Answer yes to confirm values above
h. Enter Password: changeit and re-enter it again
5. From the command prompt, generate a certificate request as follows:
keytool -certreq -alias tomcat -keyalg RSA -file D:\SSL\certreq.csr -keystore D:\SSL\keystore.db -storepass changeit
6. From your desktop computer, open a Web Browser and navigate to the following URL:
http://usdfiss002.global.Company.com/certsrv/
7. Click on the “Request a Certificate” link, then click on the “Submit a certificate request by using a base-64-encoded CMC or PKCS #10 file, or submit a renewal request by using a base-64-encoded PKCS #7 file.” link
8. Copy the text from the certreq.csr file from step 5 into the “Base-64-encoded certificate request (CMC or PKCS #10 or PKCS #7):” textbox including all comments
9. Select “Company Web Server SHA2” from the Certificate Template selection list
10. Click Submit
11. Select the “Base 64 encoded” option button and then click the "Download certificate chain” link
12. Copy the downloaded file to the target server’s D:\SSL directory
13. Double Click the certnew.p7b file
14. Navigate to the Certificates node and double click on the “Company Root CA SHA2” certificate
15. From the new Certificate window go to the Details tab and click Copy to File button
16. On the Certificate Export Wizard, select Next, then select “Base-64 encoded X.509 (.CER)
17. Select Next, and add the following value:
D:\SSL\root.cer
18. Select Next, then Finish
19. From the open command prompt, import the root certificate to the keystore:
keytool -import -alias root -keystore D:\SSL\keystore.db -trustcacerts -file D:\SSL\root.cer -storepass changeit
Answer yes to trust certificate
20. From the open command prompt, import the certificate to the keystore:
keytool -import -alias tomcat -keystore D:\SSL\keystore.db -trustcacerts -file D:\SSL\certnew.p7b -storepass changeit
21. Update Apache\Tomcat-Web\conf\server.xml and restart Tomcat Apache service
Create SSL Certificate for 902 Web Service Server
1. Log into the Web Service server
2. Create an SSL certificate directory as D:\SSL
3. Open a command window and navigate to the current JRE version’s bin directory by executing the following command:
CD %JAVA_HOME%/bin
4. From the command prompt, generate a keystore as follows (password changeit can be also trackwise8 or TWC_admin or TWS_admin):
keytool -genkey -keyalg RSA -alias tomcat -keystore D:\SSL\keystore.db -storepass changeit
Provide the following parameters:
a. First & Last name: ServerName902.aws.CompanyName.com
b. Name of Organizational Unit: Global IT, CPLM, ServerName902
c. Name of Organization: CompanyName
d. Name of City: DetailsAddress
e. Name of State: State
f. Name of Country Code: US
g. Answer yes to confirm values above
h. Enter Password: changeit and re-enter it again
5. From the command prompt, generate a certificate request as follows:
keytool -certreq -alias tomcat -keyalg RSA -file D:\SSL\certreq.csr -keystore D:\SSL\keystore.db -storepass changeit
6. From your desktop computer, open a Web Browser and navigate to the following URL:
http://usdfiss002.global.Companu.com/certsrv/
7. Click on the “Request a Certificate” link, then click on the “Submit a certificate request by using a base-64-encoded CMC or PKCS #10 file, or submit a renewal request by using a base-64-encoded PKCS #7 file.” link
8. Copy the text from the certreq.csr file from step 5 into the “Base-64-encoded certificate request (CMC or PKCS #10 or PKCS #7):” textbox including all comments
9. Select “Company Web Server SHA2” from the Certificate Template selection list
10. Click Submit
11. Select the “Base 64 encoded” option button and then click the "Download certificate chain” link
12. Copy the downloaded file to the target server’s D:\SSL directory
13. Double Click the certnew.p7b file
14. Navigate to the Certificates node and double click on the “Company Root CA SHA2” certificate
15. From the new Certificate window go to the Details tab and click Copy to File button
16. On the Certificate Export Wizard, select Next, then select “Base-64 encoded X.509 (.CER)
17. Select Next, and add the following value:
D:\SSL\root.cer
18. Select Next, then Finish
19. From the open command prompt, import the root certificate to the keystore:
keytool -import -alias root -keystore D:\SSL\keystore.db -trustcacerts -file D:\SSL\root.cer -storepass changeit
Answer yes to trust certificate
20. From the open command prompt, import the certificate to the keystore:
keytool -import -alias tomcat -keystore D:\SSL\keystore.db -trustcacerts -file D:\SSL\certnew.p7b -storepass changeit
21. Update Apache\Tomcat-Web\conf\server.xml and restart Tomcat Apache service
Create SSL Certificate for Analytics Server
1. Log into the Analytics server
2. Create an SSL certificate directory as D:\SSL
3. Open a command window and navigate to the current JRE version’s bin directory by executing the following command:
CD %JAVA_HOME%/bin
4. From the command prompt, generate a keystore as follows (password changeit can be also trackwise8 or TWC_admin or TWS_admin):
keytool -genkey -keyalg RSA -alias tomcat -keystore D:\SSL\keystore.db -storepass changeit
Provide the following parameters:
a. First & Last name: ServerNameAL801.aws.company.com
b. Name of Organizational Unit: Global IT, CPLM, ServerNameAL801
c. Name of Organization: BCompany
d. Name of City: DAddress
e. Name of State: IlState
f. Name of Country Code: US
g. Answer yes to confirm values above
h. Enter Password: changeit and re-enter it again
5. From the command prompt, generate a certificate request as follows:
keytool -certreq -alias tomcat -keyalg RSA -file D:\SSL\certreq.csr -keystore D:\SSL\keystore.db -storepass changeit
6. From your desktop computer, open a Web Browser and navigate to the following URL:
http://usdfiss002.global.Company.com/certsrv/
7. Click on the “Request a Certificate” link, then click on the “Submit a certificate request by using a base-64-encoded CMC or PKCS #10 file, or submit a renewal request by using a base-64-encoded PKCS #7 file.” link
8. Copy the text from the certreq.csr file from step 5 into the “Base-64-encoded certificate request (CMC or PKCS #10 or PKCS #7):” textbox including all comments
9. Select “Company Web Server SHA2” from the Certificate Template selection list
10. Click Submit
11. Select the “Base 64 encoded” option button and then click the "Download certificate chain” link
12. Copy the downloaded file to the target server’s D:\SSL directory
13. Double Click the certnew.p7b file
14. Navigate to the Certificates node and double click on the “CompanyRoot CA SHA2” certificate
15. From the new Certificate window go to the Details tab and click Copy to File button
16. On the Certificate Export Wizard, select Next, then select “Base-64 encoded X.509 (.CER)
17. Select Next, and add the following value:
D:\SSL\root.cer
18. Select Next, then Finish
19. From the open command prompt, import the root certificate to the keystore:
keytool -import -alias root -keystore D:\SSL\keystore.db -trustcacerts -file D:\SSL\root.cer -storepass changeit
Answer yes to trust certificate
20. From the open command prompt, import the certificate to the keystore:
keytool -import -alias tomcat -keystore D:\SSL\keystore.db -trustcacerts -file D:\SSL\certnew.p7b -storepass changeit
21. Log into the Web server
22. Copy Files from D:\SSL folder on Analytics server to D:\SSLAL on Web server
23. Open a command window and navigate to the current JRE version’s bin directory by executing the following command:
CD %JAVA_HOME%/bin
24. From the command prompt, execute as follows:
keytool -import -alias root -keystore “C:\Program Files\Java\jdk1.8.0_171\jre\lib\security\jssecacerts" -trustcacerts -file D:\SSLAL\root.cer -storepass changeit
Answer yes to the question
25. From the command prompt, execute as follows:
keytool -import -alias root2 -keystore "C:\Program Files\Java\jre1.8.0_171\lib\security\cacerts" -trustcacerts -file D:\SSLAL\root.cer -storepass changeit
Answer yes to the question
26. From the command prompt, execute as follows:
keytool -import -alias root2 -keystore "C:\Program Files\Java\ jdk1.8.0_171\jre\lib\security\cacerts" -trustcacerts -file D:\SSLAL\root.cer -storepass changeit
Answer yes to the question
27. Update Apache\Tomcat-Web\conf\server.xml on Analytics server and restart Tomcat Apache service
