Installing or renewing a CA-signed HTTPS certificate

Use this task to replace the self-signed certificate of the HTTPS keystore with a CA-signed certificate, or to update the existing CA-signed certificate.

  1. Start the LN UI Administration Webapp and select Infor LN UI Administration > HTTPS Keystore.
  2. Click Generate CSR to create and download a file with the Certificate Signing Request (CSR). The request is encoded in Base-64 according to the PKCS#10 standard; you can view it in a text editor, for example to transfer it to a clipboard.
  3. Use the CSR contents to obtain a certificate from a Certificate Authority.
  4. If the CA-signed certificate is supplied as a CA Reply with the complete certificate chain or a PKCS#7 container, click Import CA Reply to upload and import the CA Reply file. If the import is successful, the HTTPS keystore is updated with the CA-signed certificate(s). The file must be in Base64 (PEM) encoding.
  5. If the root certificate, any intermediate certificate, and the CA signed end certificate are supplied separately, click Import Trusted Certificate to upload and import the root certificate. Repeat this step for each intermediate certificate. The uploaded certificate file(s) must be in Base64 (PEM) encoding.
    Finally, click Import CA Reply to upload and import the end certificate. If the import is successful, the HTTPS keystore is updated with the certificate. The file with the CA Reply must be in Base64 (PEM) encoding.
  6. Restart the Tomcat web server.
  7. To verify that the configuration was completed successfully, browse to a URL with this format:
    https://server1.initrode.com:8443/webui/servlet/admin

    LN UI Administration Webapp starts.

  8. Use the padlock of the browser's address bar to inspect the certificate information and verify that the CA-signed certificate is displayed.