Creating keystores, truststores, and certificates for development
You can use the Java keytool to create keystores and certificates for development purposes. For more information about Java keytool, see keytool - Key and Certificate Management Tool.
About this task
The certificates that the Java keytool generates are self-signed and they should not be used in production deployments. You can use the following instructions to create the keystores, truststores, and certificates for Liberty, Solr, and ZooKeeper in a development environment. When you are deploying into production, you must use certificates that are provided by a trusted certificate authority.
For more information about the location of the required stores and certificates, see Keystores, truststores, and certificates for i2 Analyze.
Procedure
Create a keystore and self-signed certificate.
Open a command prompt and navigate to the Java bin directory on the server.
For example, on the Liberty server: i2analyze\deploy\java\bin
Create a keystore and certificate.
For example, run the following command:
keytool -genkeypair -alias "libertyKey" -keystore "C:\i2\i2analyze\i2-liberty-keystore.p12" -dname "CN=hostname" -keyalg RSA -storepass "password" -ext san=dns:hostname
Important: Ensure that you provide values as follows:
Enter a unique alias.
Set the value of CN and san=dns to the hostname of the server.
Assign a secure password.
Export the certificate from the keystore.
For example, run the following command:
keytool -exportcert -alias "libertyKey" -keystore "C:\i2\i2analyze\i2-liberty-keystore.p12" -file "C:\i2\i2analyze\i2-liberty-certificate.cer" -storepass "password"
When you are using self-signed certificates, you must add the certificates that you exported from your keystores to the required truststores.
Create a truststore and import the specified certificate into the truststore.
For example, run the following command:
keytool -importcert -alias "solrKey" -file "C:\i2\i2analyze\i2-liberty-certificate.cer" -keystore "C:\i2\i2analyze\i2-liberty-truststore.p12" -storepass "password"
Enter yes in response to the query, Trust this certificate?
Important: Ensure that you enter values as follows:
Enter a unique alias.
Assign a secure password.
If the truststore already exists, the command adds the certificate to the existing truststore.
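The procedure above as one PowerShell script, added here as an example and not part of the product documentation: it passes the store password through keytool's -storepass:env modifier instead of typing it on the command line, then checks that the SHA-256 fingerprint stored in the truststore matches the key pair in the keystore. The variable names, the STORE_PASS environment variable, and the assumption that none of the three files exists yet are choices of this example.

```powershell
# Added example. Run from the Java bin directory; paths and aliases mirror the commands above.
$keytool    = ".\keytool.exe"
$hostName   = "hostname"   # placeholder: replace with the hostname of the server
$dir        = "C:\i2\i2analyze"
$keystore   = "$dir\i2-liberty-keystore.p12"
$certFile   = "$dir\i2-liberty-certificate.cer"
$truststore = "$dir\i2-liberty-truststore.p12"
$pass       = "-storepass:env", "STORE_PASS"   # keytool reads the password from this variable

function Assert-Ok([string]$Step) {
    if ($LASTEXITCODE -ne 0) { throw "keytool $Step failed" }
}

function Get-Fingerprint([string[]]$KtArgs) {
    # Returns the first SHA-256 fingerprint that keytool prints for the given arguments.
    $out = & $keytool $KtArgs
    Assert-Ok $KtArgs[0]
    $m = $out | Select-String -Pattern 'SHA-?256\)?:\s*([0-9A-F:]+)' | Select-Object -First 1
    if (-not $m) { throw "no SHA-256 fingerprint in keytool output" }
    return $m.Matches[0].Groups[1].Value
}

# Prompt for the password so it is not stored in the script or the command history.
$secure = Read-Host -Prompt "Store password" -AsSecureString
$env:STORE_PASS = [System.Net.NetworkCredential]::new("", $secure).Password
try {
    # Step 1: keystore and self-signed certificate.
    & $keytool -genkeypair -alias "libertyKey" -keystore $keystore -dname "CN=$hostName" `
        -keyalg RSA -ext "san=dns:$hostName" $pass
    Assert-Ok "-genkeypair"
    # Step 2: export the certificate.
    & $keytool -exportcert -alias "libertyKey" -keystore $keystore -file $certFile $pass
    Assert-Ok "-exportcert"
    # Step 3: import into the truststore; answer yes at the "Trust this certificate?" prompt.
    & $keytool -importcert -alias "solrKey" -file $certFile -keystore $truststore $pass
    Assert-Ok "-importcert"

    # Verification: the same certificate must be in all three places.
    $fromKeystore   = Get-Fingerprint (@("-list", "-v", "-alias", "libertyKey", "-keystore", $keystore) + $pass)
    $fromFile       = Get-Fingerprint @("-printcert", "-file", $certFile)
    $fromTruststore = Get-Fingerprint (@("-list", "-v", "-alias", "solrKey", "-keystore", $truststore) + $pass)
    if ($fromKeystore -ne $fromFile -or $fromFile -ne $fromTruststore) {
        throw "Fingerprint mismatch: keystore=$fromKeystore file=$fromFile truststore=$fromTruststore"
    }
    Write-Host "Fingerprints match (SHA-256): $fromKeystore"
}
finally {
    Remove-Item Env:STORE_PASS -ErrorAction SilentlyContinue   # do not leave the password in the session
}
```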