Requesting a Signed Certificate for WBCS

WBCS supports both HTTP (the default configuration) and HTTPS connections. Using HTTP avoids the cost of purchasing signed certificates. HTTPS provides additional security but requires the additional configuration described in this topic.

To request a signed certificate for WBCS:

  1. Download and install OpenSSL on a machine.
  2. Open a command console as an administrator.
  3. Make sure the keytool.exe file is in your PATH and can be executed. This file is normally located in the JRE's bin directory, for example <Java_installation_root>/jre/bin.
  4. Execute the following command and respond to the prompts. You must retain all specified values and files for configuring WBCS:
    keytool -genkey -alias <alias> -keyalg RSA -keysize 2048 -dname "CN=<hostname>, O=Default, C=CA" -keystore keystore
    1. Enter keystore password: <password>
    2. Re-enter password: <password>
    3. Enter key password for <hostname> (RETURN if same as keystore password): <return>
      This will create a file named keystore. This file will be used as part of the WBCS configuration for HTTPS.
  5. Execute the following command to create a certificate signing request:
    keytool -certreq -alias <alias> -keyalg RSA -file <hostname>.csr -keystore keystore

    The above command will create a file named <hostname>.csr.

    1. Send the <hostname>.csr file to your certificate authority.
      You will then receive a .p7b (PKCS7) file from the certificate authority.
  6. Open a command console as an administrator.
  7. Convert the PKCS7 file to PEM format and import it into the keystore by executing the following commands in order:
    openssl pkcs7 -print_certs -in <pk7 file name>.p7b -out certnew.pem
    keytool -import -keystore keystore -file certnew.pem -alias theCARoot
  8. You can now proceed to Configuring HTTP and HTTPS in WBCS to complete the configuration of WBCS for HTTPS.
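
A check worth running before the import in step 7, as an added example that is not part of the original WBCS documentation: it confirms that the .p7b reply from the certificate authority contains a certificate for the same public key as the CSR from step 5. It assumes a POSIX shell with OpenSSL on the PATH and a PEM-encoded .p7b; the function name reply_matches_csr and the script name check_reply.sh are hypothetical.

```shell
#!/bin/sh
# Added example (not from the WBCS documentation). Assumes OpenSSL on the PATH
# and a PEM-encoded .p7b, as the step 7 command does. The function name
# reply_matches_csr is hypothetical.

# Returns 0 if the CA reply holds a certificate for the CSR's public key,
# 1 if none of its certificates match, 2 if an input cannot be parsed.
reply_matches_csr() {
    csr=$1
    p7b=$2
    work=$(mktemp -d) || return 2

    # Public key the CA was asked to certify (from the step 5 CSR).
    want=$(openssl req -in "$csr" -noout -pubkey 2>/dev/null)
    # Same conversion as step 7: PKCS7 bundle -> concatenated PEM certificates.
    if [ -z "$want" ] ||
       ! openssl pkcs7 -print_certs -in "$p7b" -out "$work/certnew.pem" 2>/dev/null
    then
        rm -rf "$work"
        return 2
    fi

    # Split the bundle into one file per certificate (leaf and CA certs).
    awk -v d="$work" '/-----BEGIN CERTIFICATE-----/ { n++ }
                      n { print > (d "/part." n) }' "$work/certnew.pem"

    rc=1
    for c in "$work"/part.*; do
        [ -f "$c" ] || continue
        got=$(openssl x509 -in "$c" -noout -pubkey 2>/dev/null)
        if [ "$got" = "$want" ]; then
            # Show what was issued so hostname and expiry can be eyeballed.
            openssl x509 -in "$c" -noout -subject -issuer -enddate
            rc=0
        fi
    done
    rm -rf "$work"
    return "$rc"
}

# Stand-alone use: sh check_reply.sh <hostname>.csr <pk7 file name>.p7b
if [ "$#" -eq 2 ]; then
    reply_matches_csr "$1" "$2"
    exit $?
fi
```

A return value of 1 means no certificate in the reply was issued for the key pair behind the CSR, so the CSR and reply files should be rechecked before running the step 7 import.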