Self-signed server certificate

By default, the Authentication Server uses a self-signed certificate that is created automatically. This means that web browsers will warn users about an untrusted server certificate when they first access the Authentication Server. Once users choose to trust the server certificate, the warning message disappears.

CA-signed server certificate

For production environments, it is highly recommended to use a certificate signed by a trusted certificate authority (CA). The following steps generate a keystore file, provided that you already have a private key and a certificate signed by a trusted CA. When executing the OpenSSL command, you will be asked for a keystore password. Please read the instructions carefully and provide all the required information.

openssl pkcs12 -export -in server.crt -inkey server.key -certfile -out

Deployment on cluster

If the Authentication Server is deployed on a cluster, all service instances should use the same keystore. When using an automatically created keystore with a self-signed certificate, just copy the keystore file from one instance to all the other ones.
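
The keystore export and the cluster requirement above can both be checked from the shell; the script below is an added example, not part of the product or its documentation. Assumptions: the file names are made up, the password is taken from an exported KEYSTORE_PASS variable instead of the interactive prompt, and the sample certificates are throwaway self-signed ones, so no -certfile chain is passed.

```shell
#!/usr/bin/env bash
# Added example. File names and KEYSTORE_PASS are assumptions for illustration.

# True only when the certificate and the private key hold the same public key.
key_matches_cert() {   # $1 = certificate (PEM), $2 = private key (PEM)
    local cert_pub key_pub
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# SHA-256 fingerprint of the server certificate stored in a PKCS#12 keystore.
keystore_fingerprint() {   # $1 = keystore file
    openssl pkcs12 -in "$1" -passin env:KEYSTORE_PASS -nokeys -clcerts 2>/dev/null |
        openssl x509 -noout -fingerprint -sha256 2>/dev/null
}

# Export key + certificate, then read the keystore back and confirm its content.
build_keystore() {   # $1 = certificate, $2 = private key, $3 = output keystore
    key_matches_cert "$1" "$2" || { echo "key does not match certificate" >&2; return 1; }
    ( umask 077   # the keystore holds the private key: owner-only permissions
      openssl pkcs12 -export -in "$1" -inkey "$2" -out "$3" \
          -passout env:KEYSTORE_PASS ) || return 1
    [ "$(keystore_fingerprint "$3")" = "$(openssl x509 -in "$1" -noout -fingerprint -sha256)" ]
}

# Cluster check: every keystore must present the same server certificate.
same_certificate() {   # $@ = keystore files, one per instance
    local first fp f
    first=$(keystore_fingerprint "$1") || return 1
    for f in "$@"; do
        fp=$(keystore_fingerprint "$f") || return 1
        [ "$fp" = "$first" ] || { echo "mismatch: $f" >&2; return 1; }
    done
}

# Constructed test material: two throwaway self-signed certificates.
make_samples() {   # $1 = directory to fill
    local n
    for n in a b; do
        openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=auth-$n.example.test" \
            -keyout "$1/$n.key" -out "$1/$n.crt" 2>/dev/null || return 1
    done
}
```

Two exports of the same key and certificate differ byte for byte because PKCS#12 uses random salts, so same_certificate compares the stored certificate rather than a hash of the file.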