Creating a keystore and importing the certificate for Admin Console

The following steps can be performed on a single clock and then the keystore copied to all the other clocks once the configuration has been verified.

The steps outline how to create a self-signed certificate on the clock and how to import the certificate into the machine that will be used for Admin Console access.

  1. Open a PuTTY session to the clock.
  2. Log in as the root user.
  3. Make sure the keytool file is in the following path:
    
    cd /usr/lib/jvm/java-8/bin
    ls -l

    The keytool file should be listed.

  4. Create a folder called cert in /opt/infor/clock:
    
    cd /opt/infor/clock
    mkdir cert
    cd cert
  5. Provide the appropriate parameters and execute the following command:
    
    /usr/lib/jvm/java-8/bin/keytool -genkey -alias <alias> -keyalg RSA -keysize 2048 \
        -dname "CN=<IP Address of Clock>, O=Default, C=CA" -keystore <clocks keystore>

    For example:

    
    /usr/lib/jvm/java-8/bin/keytool -genkey -alias myalias -keyalg RSA -keysize 2048 \
        -dname "CN=192.168.0.16, O=Default, C=CA" -keystore clockkeystore
  6. Respond to the following prompts:
    
    Enter keystore password: <password>
    Re-enter new password: <password>
    Enter key password for myalias (RETURN if same as keystore password): <return>

    This will create a file named clockkeystore containing a public/private key pair and a certificate. Make sure the passwords provided are documented.

  7. List the contents of the directory to confirm the file exists:
    
    # ls -l
    -rw-r--r-- 1 root 2136 Apr 27 11:48 clockkeystore
  8. Export the certificate from the clock by executing the following command:
    
    /usr/lib/jvm/java-8/bin/keytool -export -keystore <clocks keystore> \
        -alias <alias> -file <exported.crt>

    For example:

    /usr/lib/jvm/java-8/bin/keytool -export -keystore clockkeystore \
        -alias myalias -file mycertificate.crt
  9. Respond to the following prompt:

    Enter keystore password: <password>

    The certificate will be stored in the current directory.

  10. Using WinSCP, copy the certificate file mycertificate.crt from the clock and place it in a temporary folder (C:\temp) on the machine where Admin Console is running.
  11. On the machine running Admin Console, open a command prompt as an Administrator.
    Note: Make sure the keytool.exe file is in the path and can be executed. The file is in the default Java installation, for example: <JRE Location>\bin.
  12. Type this command and press Enter:
    cd /
  13. Execute the following command in the command prompt, making sure that the JRE location corresponds to the JRE specified when Admin Console was installed (to verify which JRE was used, check the file called AdminConsole.lax in the Admin Console installation path):
    
    keytool -import -trustcacerts -alias <alias> -file <certificate> -keystore "<JRE Location>\lib\security\cacerts"

    For example:

    
    keytool -import -trustcacerts -alias myalias -file C:\temp\mycertificate.crt -keystore "C:\Java\jdk1.8.0_172\jre\lib\security\cacerts"
  14. Enter the password for the Java keystore (default password is changeit).
  15. Respond to the following prompt with Y:
    
    Trust this certificate? [no]: Y

    The following message will be displayed if successful:

    
    Certificate was added to keystore

  Note: These steps can be repeated on every machine that has Admin Console installed.
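
Before answering Y at the trust prompt in step 15, it is worth confirming that the file copied to C:\temp is the certificate exported in step 8. The following is an added example, not part of the original procedure or vendor code: a POSIX shell check that compares the SHA256 fingerprint lines from `keytool -printcert -file <certificate>` output captured on the clock and on the Admin Console machine. The function names and the sample fingerprints are constructed for illustration.

```shell
#!/bin/sh
# Added example, not vendor code. Function names and sample data are constructed.

# Read `keytool -printcert` output on stdin and print its SHA-256 fingerprint
# as uppercase hex without colons (prints nothing if no fingerprint is found).
extract_sha256() {
    tr -d '\r' | sed -n 's/^[[:space:]]*SHA256:[[:space:]]*//p' | head -n 1 |
        tr -d ': ' | tr 'abcdef' 'ABCDEF'
}

# Succeed only if $1 is exactly 64 uppercase hex digits.
is_sha256() {
    case "$1" in
        *[!0-9A-F]*) return 1 ;;
    esac
    [ "${#1}" -eq 64 ]
}

# $1: printcert output captured on the clock.
# $2: printcert output captured on the Admin Console machine.
# Succeed only if both contain the same well-formed fingerprint.
same_certificate() {
    fp_clock=$(printf '%s\n' "$1" | extract_sha256)
    fp_admin=$(printf '%s\n' "$2" | extract_sha256)
    is_sha256 "$fp_clock" && is_sha256 "$fp_admin" && [ "$fp_clock" = "$fp_admin" ]
}

# Build constructed printcert-style output (CRLF line endings, as pasted from
# a Windows console) around the fingerprint given in $1.
sample_printcert() {
    printf 'Owner: CN=192.168.0.16, O=Default, C=CA\r\n'
    printf 'Certificate fingerprints:\r\n\t SHA256: %s\r\n' "$1"
    printf 'Signature algorithm name: SHA256withRSA\r\n'
}

# Constructed fingerprints: FP_OTHER differs from FP_CLOCK in the last byte only.
FP_CLOCK='3A:7F:12:9C:E4:05:B8:61:D2:4E:90:AB:17:C3:5D:F6:08:2B:74:E9:3C:A1:56:8D:BF:20:63:9E:47:D5:1A:FC'
FP_OTHER='3A:7F:12:9C:E4:05:B8:61:D2:4E:90:AB:17:C3:5D:F6:08:2B:74:E9:3C:A1:56:8D:BF:20:63:9E:47:D5:1A:FD'

if same_certificate "$(sample_printcert "$FP_CLOCK")" "$(sample_printcert "$FP_CLOCK")"; then
    echo "Fingerprints match: this is the certificate exported on the clock."
fi
if ! same_certificate "$(sample_printcert "$FP_CLOCK")" "$(sample_printcert "$FP_OTHER")"; then
    echo "Fingerprint mismatch: do not import this certificate."
fi
```

In practice, replace the sample output with the text printed by `keytool -printcert -file mycertificate.crt` on the clock and by `keytool -printcert -file C:\temp\mycertificate.crt` on the Admin Console machine.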