Page History
...
For production environments it is highly recommended to use a certificate signed by trusted certificate authorities (CA). The following steps should be done to generate a keystore file providing that you already have a private key and certificate signed by trusted CA.
When executing the openssl command you will be asked for a keystore password. Please read the instructions carefully and provide all required information.
To generate a keystore file
...
Create a PKCS 12 file with the OpenSSL tool.
openssl pkcs12 -export -in server.crt -inkey server.key -certfile server.crt -out keystore.p12
...
title | Note for Windows users |
---|
...
For changing the self-signed certificate to a CA certificate, visit Changing SSL certificate page.
Deployment on cluster
If the Authentication Server is deployed on a cluster, all service instances should use the same keystore. When using an automatically created keystore with a self-signed certificate, just copy the keystore file from one instance to all the other ones.
...