SSL certificates for i2 Analyze

SSL communication relies on encryption, keys, and certificates to initiate a secure connection. The certificates are stored in keystore files on the client and the server.

Certificates are exchanged to establish trust during the handshake process that initiates a secure connection. When a certificate is granted through a certificate authority, that certificate can be trusted by the clients or applications that trust certificates that are signed by that authority. A public key certificate that authenticates a server is stored in a keystore file on the server. Trusted certificate authority certificates are stored in the client's truststore file.

As part of the SSL handshake process, certificates are exchanged that are signed by a trusted certificate authority to verify that a certificate is authentic. The environment where you are deploying i2 Analyze might already have a well-defined certificate process that you can use to obtain certificates and populate the required key and truststores.

The examples in the following procedures use self-signed certificates to demonstrate working SSL configurations. In a production deployment, you must use certificates that are signed by a trusted certificate authority.

If all of the public key certificates are signed by the same certificate authority, then you can add the certificate authority's certificate to each of your truststores. If you have a number of certificates to authenticate trust, you might have to add multiple certificates to your truststores.

In the examples, the self-signed certificate is created in a keystore, exported, and imported to the relevant truststore. When you configure SSL communication between components of i2 Analyze, you must have the required certificates in the correct keystores. In the following procedures, examples commands are provided for creating, exporting, and importing self-signed certificates.