The TDI Server has two certificate
keystores that stores the server and admin certificates. These certificates
must be extended before they expire, in order for TDI to function
normally. The two TDI keystores are located in the TDI Installation directory
in the following locations:
<TDI_INSTALLATION_DIRECTORY>/testserver.jks
<TDI_INSTALLATION_DIRECTORY>/serverapi/testadmin.jks
The keytool utility can be used to extend/export/delete/import
certificates in the JKS keystore. Keytool is located at the following location:
<TDI_INSTALLATION_DIRECTORY>/jvm/jre/bin/keytool
The following commands shows how
the validity of a certificate with alias ‘server’ can be extended by 365 days.
Once the certificate’s validity is increased, it needs to be exported and
imported in the Truststore as a trusted certificate.
Note:-
All the paths in the following commands are relative to the TDI
Installation directory. These command only affect the global testserver.jks and testadmin.jks files. If your deployment uses multiple instances of TDI, like the TDI Dispatcher for ISIM, then these commands needs to be performed for all existing instances separately. The path of the testserver.jks and testadmin.jks files will be updated. New instances created after extending the certificates have the new/extended certificates.
Extend the
‘server’ certificate in testserver.jks
jvm/jre/bin/keytool -selfcert -v
-alias server -validity 365 -keystore testserver.jks -storepass server
jvm/jre/bin/keytool -export -alias
server -keystore testserver.jks -storepass server -file tdiserver.crt
jvm/jre/bin/keytool -delete -alias
server -keystore serverapi/testadmin.jks -storepass administrator
jvm/jre/bin/keytool -import -alias
server -keystore serverapi/testadmin.jks -storepass administrator -file tdiserver.crt
Extend the
‘admin’ certificate in testadmin.jks
jvm/jre/bin/keytool -selfcert -v
-alias admin -validity 365 -keystore serverapi/testadmin.jks -storepass
administrator
jvm/jre/bin/keytool -export -alias admin
-keystore serverapi/testadmin.jks -storepass administrator -file serverapi/tdiadmin.crt
jvm/jre/bin/keytool -delete -alias
admin -keystore testserver.jks -storepass server
jvm/jre/bin/keytool -import -alias
admin -keystore testserver.jks -storepass server -file serverapi/tdiadmin.crt
No comments:
Post a Comment