Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

For production environments it is highly recommended to use a certificate signed by trusted certificate authorities (CA). The following steps should be done to generate a keystore file providing that you already have a private key and certificate signed by trusted CA.

When executing the openssl command you will be asked for a keystore password. Please read the instructions carefully and provide all required information.

To generate a keystore file

...

Create a PKCS 12 file with the OpenSSL tool.

openssl pkcs12 -export -in server.crt -inkey server.key -certfile server.crt -out keystore.p12

...

titleNote for Windows users

...

For changing the self-signed certificate to a CA certificate, visit Changing SSL certificate page.

Deployment on cluster

If the Authentication Server is deployed on a cluster, all service instances should use the same keystore. When using an automatically created keystore with a self-signed certificate, just copy the keystore file from one instance to all the other ones.

...