Creating Self-Signed Server Certificates
Configurations for HTTPS require the use of a commercial certificate of authority. Third-party vendors distribute certificates of authority. To create a server certificate to be signed by a Certificate Authority (CA), use the keytool utility that is part of the Java Runtime Environment (JRE). For more information on using keytool, see: https://docs.oracle.com/en/java/javase/21/docs/specs/man/keytool.html. To create a server certificate of authority, follow this process:
1. Generate a new certificate for use with the SSL protocol’s public key encryption.
2. Generate a certificate signing request (CSR), and then send the request to a CA.
3. Receive the signed certificate from the CA, and then import the certificate into the keystore. You are required to update the existing self-signed certificate.
 |
Windchill requires the certificate which is trusted by Java. If you elect to use a certificate that is not trusted by Java, then you must configure Java to trust this certificate. Also, the certificate of authority must be added to the jssecacerts keystore. The default JDK cacerts file must be copied to the jssecacerts file located at <JAVA_HOME>/lib/security directory.
|