Create New Certificate


 

Run the commands below using the keytool application bundled with your PeerLink Hub or Agent installation (Java 6).

 

Keytool location on Hub system:

PEERLINK_HUB_INSTALLATION_FOLDER\jre\bin

Keytool location on Agent system:

PEERLINK_AGENT_INSTALLATION_FOLDER\jre\bin

 

 

Broker Keystore generation

 

Step 1:

 

Using keytool, create a certificate for the Broker.

 

keytool -genkey -alias broker -keyalg RSA -keystore broker.ks -storepass plBroker4321 -validity 3000

 

 

Note: The broker.ks file will be created in the \jre\bin folder.

 


 

 

 

 

Step 2:

 

Export the broker's certificate so it can be shared with clients.

 

keytool -export -alias broker -keystore broker.ks -file broker.cer

 

 

 

Note: The broker.cer file will be created in the \jre\bin folder.

 


 

 

 

Step 3:

 

Create a certificate/keystore for the client.

 

keytool -genkey -alias client -keyalg RSA -keystore client.ks -storepass plClient4321 -validity 3000

 

 

Note: The client.ks file will be created in the \jre\bin folder.

 


 

 

 

Step 4:

 

Create a truststore for the client, and import the broker's certificate. This establishes that the client "trusts" the broker.

 

keytool -import -alias broker -keystore client.ts -file broker.cer -storepass plClient4321

 

 


 

 

Optional:

 

List the certificates in the broker keystore.

 

keytool -list -v -keystore broker.ks -storepass plBroker4321

 


 

 

 

Verify Client Certificate

 

 

If you want to verify client certificates, you need to take a few extra steps.

 

Step 1:

 

Export the client's certificate so it can be shared with the broker.

 

keytool -export -alias client -keystore client.ks -file client.cer -storepass plClient4321

 

Note: The client.cer file will be created in the \jre\bin folder.

 


 

 

Step 2:

 

Create a truststore for the broker, and import the client's certificate. This establishes that the broker "trusts" the client:

 

keytool -import -alias client -keystore broker.ts -file client.cer -storepass plBroker4321

 


 

 

 

Optional:

 

List the certificates in the client keystore.

 

keytool -list -v -keystore client.ks -storepass plClient4321
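To confirm, before copying the files, that each truststore holds exactly the certificate from the other side's keystore, the following PowerShell script exports each certificate from both stores and compares SHA-256 hashes. It is an added example, not part of the PeerLink documentation. It assumes PowerShell 4.0 or later, that it is run from the \jre\bin folder containing keytool.exe and the four store files, and that the client verification steps were performed so broker.ts exists; Get-StoreCertHash is a hypothetical helper name.

```powershell
# Added example, not part of the PeerLink documentation.
# Assumptions: current directory is the \jre\bin folder holding keytool.exe and
# broker.ks, broker.ts, client.ks, client.ts; PowerShell 4.0+ (Get-FileHash).

function Get-StoreCertHash {
    # Hypothetical helper: export the certificate stored under $Alias and
    # return the SHA-256 hash of the exported (DER) bytes.
    param([string]$Keystore, [string]$Alias, [string]$StorePass)
    $tmp = [System.IO.Path]::GetTempFileName()
    try {
        # keytool reports "Certificate stored in file ..." on stderr; discard it.
        $null = & .\keytool.exe -export -alias $Alias -keystore $Keystore `
                    -storepass $StorePass -file $tmp 2>&1
        if ($LASTEXITCODE -ne 0) {
            throw "keytool could not export alias '$Alias' from $Keystore"
        }
        (Get-FileHash -Path $tmp -Algorithm SHA256).Hash
    }
    finally {
        Remove-Item $tmp -ErrorAction SilentlyContinue
    }
}

# Each certificate must be identical in its owner's keystore and in the
# truststore of the peer that is supposed to trust it.
$pairs = @(
    @{ Alias = 'broker'; Store = 'broker.ks'; StorePass = 'plBroker4321'
       Trust = 'client.ts'; TrustPass = 'plClient4321' },
    @{ Alias = 'client'; Store = 'client.ks'; StorePass = 'plClient4321'
       Trust = 'broker.ts'; TrustPass = 'plBroker4321' }
)

foreach ($p in $pairs) {
    $own     = Get-StoreCertHash -Keystore $p.Store -Alias $p.Alias -StorePass $p.StorePass
    $trusted = Get-StoreCertHash -Keystore $p.Trust -Alias $p.Alias -StorePass $p.TrustPass
    if ($own -eq $trusted) {
        Write-Output ("OK        {0}: {1} matches {2} ({3})" -f $p.Alias, $p.Store, $p.Trust, $own)
    }
    else {
        # A mismatch means the truststore was built from a stale or different
        # .cer file; re-export and re-import before copying the stores.
        Write-Output ("MISMATCH  {0}: {1} = {2}, {3} = {4}" -f $p.Alias, $p.Store, $own, $p.Trust, $trusted)
    }
}
```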

 


 

 

Copy the generated keystore files into their appropriate locations

 

On the Hub system: Copy the following files from the "C:\Program Files\Peer Software\File Collaboration Enterprise\jre\bin" directory into the "C:\Program Files\Peer Software\File Collaboration Enterprise\Broker\keys" directory on the Hub system. Overwrite the existing files.

 

broker.ks

broker.ts

 

On the Agent system: Copy the following files from the "C:\Program Files\Peer Software\File Collaboration Enterprise\jre\bin" directory into the "C:\Program Files\Peer Software\PeerLink Agent\keys" directory on the Agent systems. Overwrite the existing files.

 

client.ks

client.ts

 

Restart all PeerLink services for the changes to take effect.

 

Note: We recommend you create a folder outside the PeerLink Hub/Agent installation directories in which to store the keystore files. This will ensure that upgrades will not clear/overwrite these files. The steps outlining this process will be posted shortly.