Creating a keystore and import certificate for Admin Console
The following steps can be performed on a single clock and then the keystore copied to all the other clocks once the configuration has been verified.
The steps outline how to create a self-signed certificate on the clock and how to import the certificate into the machine that will be used for Admin Console access.
- Open a PuTTY session to the clock.
- Log in with the root user.
- Make sure the keytool file is in the following path:
  cd /usr/lib/jvm/openjre-8/bin
  ls -l
  The keytool file should be listed.
- Create a folder called cert in /opt/infor/clock:
  cd /opt/infor/clock
  mkdir cert
  cd cert
- Provide the appropriate parameters and execute the following command:
  /usr/lib/jvm/openjre-8/bin/keytool -genkey -alias <alias> -keyalg RSA -keysize 2048 -dname "CN=<IP Address of Clock>, O=Default, C=CA" -keystore <clocks keystore>
  For example:
  /usr/lib/jvm/openjre-8/bin/keytool -genkey -alias myalias -keyalg RSA -keysize 2048 -dname "CN=192.168.0.16, O=Default, C=CA" -keystore clockkeystore
- Respond to the following prompts:
  Enter keystore password: <password>
  Re-enter new password: <password>
  Enter key password for myalias (RETURN if same as keystore password): <return>
  This will create a file named clockkeystore containing a public/private key and certificate. Make sure the passwords provided are documented.
- List the contents of the directory to confirm the file exists:
  # ls -l
  -rw-r--r-- 1 root 2136 Apr 27 11:48 clockkeystore
- Export the certificate from the clock by executing the following command:
  /usr/lib/jvm/openjre-8/bin/keytool -export -keystore <clocks keystore> -alias <alias> -file <exported.crt>
  For example:
  /usr/lib/jvm/openjre-8/bin/keytool -export -keystore clockkeystore -alias myalias -file mycertificate.crt
- Respond to the following prompts:
  Enter keystore password: <password>
  The certificate will be stored in the current directory.
- Using WinSCP, copy the mycertificate.crt certificate file from the clock to a temporary folder (C:\temp) on the machine where Admin Console is running.
- On the machine running Admin Console, open a command prompt as an Administrator.
  Note: Make sure the keytool.exe file is in the path and can be executed. The file is in the default Java installation, for example: <JRE Location>\bin.
- Type this command and press Enter:
  cd /
- Execute the following command in the command prompt. Ensure that the JRE location corresponds to the JRE specified while installing Admin Console (to verify which JRE was used, check the file called AdminConsole.lax in the Admin Console installation path):
  keytool -import -trustcacerts -alias <alias> -file <certificate> -keystore "<JRE Location>\lib\security\cacerts"
  For example:
  keytool -import -trustcacerts -alias myalias -file C:\temp\mycertificate.crt -keystore "C:\Java\jdk1.8.0_172\jre\lib\security\cacerts"
- Enter the password for the Java keystore (default password is changeit).
- Respond to the following prompt with Y:
  Trust this certificate? [no]: Y
  The following message will be displayed if successful:
  Certificate was added to keystore
Note: These steps can be repeated on every machine that has Admin Console installed.
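Added example, not part of the original procedure: because the certificate is self-signed and copied by hand, comparing its SHA-256 fingerprint with the one on the clock before answering Y confirms that the file was not swapped or altered in transit. The file names clock.txt and console.txt and the sample fingerprint are assumptions constructed for illustration.

```shell
#!/bin/sh
# Inputs are saved keytool text output (file names are assumptions):
#   clock:   keytool -list -v -keystore clockkeystore -alias myalias > clock.txt
#   console: keytool -printcert -file C:\temp\mycertificate.crt > console.txt

# Print the SHA-256 fingerprint from keytool output on stdin as bare
# uppercase hex (colons, spaces and Windows CR line endings removed).
fingerprint_of() {
    sed -n 's/^[[:space:]]*SHA256:[[:space:]]*//p' | head -n 1 |
        tr -d ': \r' | tr 'abcdef' 'ABCDEF'
}

# Succeed only if both files carry the same, well-formed 64-digit fingerprint.
same_certificate() {
    a=$(fingerprint_of < "$1")
    b=$(fingerprint_of < "$2")
    case $a in
        *[!0-9A-F]*) return 1 ;;   # not a hex fingerprint
    esac
    [ "${#a}" -eq 64 ] && [ "$a" = "$b" ]
}

# Constructed sample data (not taken from a real clock).
FP="9F:86:D0:81:88:4C:7D:65:9A:2F:EA:A0:C5:5A:D0:15:A3:BF:4F:1B:2B:0B:82:2C:D1:5D:6C:15:B0:F0:0A:08"
tmp=$(mktemp -d)
# Clock side: Unix line endings.
printf 'Alias name: myalias\nCertificate fingerprints:\n\t SHA256: %s\n' \
    "$FP" > "$tmp/clock.txt"
# Admin Console side: Windows CRLF line endings.
printf 'Owner: CN=192.168.0.16, O=Default, C=CA\r\nCertificate fingerprints:\r\n\t SHA256: %s\r\n' \
    "$FP" > "$tmp/console.txt"
# A different certificate: last byte of the fingerprint changed.
printf 'Certificate fingerprints:\n\t SHA256: %s\n' "${FP%08}FF" > "$tmp/other.txt"

if same_certificate "$tmp/clock.txt" "$tmp/console.txt"; then
    echo "fingerprints match: certificate can be imported"
else
    echo "fingerprint mismatch: do not import"
fi
```

The same SHA256 value is shown by keytool -import just above the "Trust this certificate?" prompt, so it can also be checked there against the clock's value.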