Creating a keystore for secure Smart Office Collaboration

To be able to use secure Web sockets with Smart Office Collaboration Server, you must create a keystore file with an SSL certificate. The following instructions describe one approach to creating a keystore file. The keystore can be created in other ways as well, as long as the result is a keystore file that contains a certificate that can be used for SSL.

Prerequisites

  • A Java JDK must be installed.

  • It is assumed that the bin directory for the JDK is on the system path.

Generating a keystore

The Java keytool can be used to generate a keystore file. The command for the keytool can be entered manually or you can use a Web page or some other tool to get help when generating the command.

This web page is one example where the command can be created: https://www.digicert.com/easy-csr/keytool.htm

Example command: keytool -genkey -alias server -keyalg RSA -keysize 2048 -keystore server_domain_com.jks -dname "CN=server.domain.com,OU=Development, O=Infor, L=Stockholm, ST=Stockholm, C=SE" && keytool -certreq -alias server -file server_domain_com.csr -keystore server_domain_com.jks

The command can be executed in a command window. If the keytool is not on the path, you need to add the absolute path to keytool.exe. The keytool will prompt for a password to the keystore.

The command will generate two files: a certificate signing request (CSR) and a keystore file.

Example files:

  • server_domain_com.csr

  • server_domain_com.jks

Obtaining the certificate

The CSR file can be used to create or request a certificate. A certificate can be purchased from a third-party provider of your choice. You might also have an internal Certificate Authority that can be used to generate certificates instead.

Note that the certificate that is used must be trusted by the clients. If the root certificate is not already trusted by the clients, the certificate must be installed on the client machines.

The result should be a certificate chain file (*.p7b) or a certificate file (*.cer) or both.

Example:

  • certnew.p7b

  • certnew.cer

Importing the certificate to the keystore

The certificate chain file and the certificate file can be imported to the keystore using the keytool. Import the certificate chain file first, followed by the certificate file if necessary. If the certificate chain file includes all certificates, you don’t need to import the certificate file. You can always try to import both files; the keytool will show a message if the certificate already exists in the keystore.

Example: keytool -import -trustcacerts -file certnew.p7b -keystore server_domain_com.jks -alias "server"

Example: keytool -importcert -file certnew.cer -keystore server_domain_com.jks -alias "server"
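
A check to run after the import, given here as an added example that is not part of the original instructions: until the CA reply is imported under the same alias as the key, the "server" entry still holds the self-signed certificate that -genkey created, and a reply that ends up as a trustedCertEntry has no private key attached. The function and sample names are hypothetical, the sample listings are constructed, and the parser assumes English-language output from keytool -list -v.

```shell
#!/bin/sh
# Reads `keytool -list -v` output on stdin and classifies the entry stored
# under the alias given as $1 (hypothetical helper, not part of keytool).
check_listing() {
  awk -v want="$1" '
    /^Alias name: /       { cur = substr($0, 13); n = 0 }
    cur != want           { next }                  # skip other aliases
    /^Entry type: /       { type = substr($0, 13) }
    /^Certificate\[/      { n++ }                   # Certificate[1] is the server cert
    n == 1 && /^Owner: /  { owner = substr($0, 8) }
    n == 1 && /^Issuer: / { issuer = substr($0, 9) }
    END {
      if (type == "")                     print "MISSING"
      else if (type != "PrivateKeyEntry") print "NOT_A_KEY_ENTRY"
      else if (owner == issuer)           print "SELF_SIGNED"
      else                                print "OK"
    }'
}

# Constructed sample: listing right after -genkey, before the CA reply is imported.
sample_before_import() {
  cat <<'EOF'
Alias name: server
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=server.domain.com, OU=Development, O=Infor, L=Stockholm, ST=Stockholm, C=SE
Issuer: CN=server.domain.com, OU=Development, O=Infor, L=Stockholm, ST=Stockholm, C=SE
EOF
}

# Constructed sample: listing after the chain was imported under the same alias.
sample_after_import() {
  cat <<'EOF'
Alias name: server
Entry type: PrivateKeyEntry
Certificate chain length: 2
Certificate[1]:
Owner: CN=server.domain.com, OU=Development, O=Infor, L=Stockholm, ST=Stockholm, C=SE
Issuer: CN=Example Internal CA
Certificate[2]:
Owner: CN=Example Internal CA
Issuer: CN=Example Internal CA
EOF
}

sample_before_import | check_listing server
sample_after_import  | check_listing server
# Real use: keytool -list -v -keystore server_domain_com.jks | check_listing server
```

Only a result of OK means the keystore holds the private key together with a certificate issued by the CA; any other result means the import steps should be repeated against the keystore that produced the CSR.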