<< Click to Display Table of Contents >> Use Existing Certificate |
|
Perform the necessary commands using the keytool application bundled with your PeerLink Hub or Agent installation (Java 6).
Keytool location on Hub system: |
C:\Program Files\Peer Software\File Collaboration Enterprise\jre\bin |
Keytool location on Agent system: |
C:\Program Files\Peer Software\PeerLink Agent\jre\bin |
Broker and Agent Keystore Generation
You will need to have two custom/private certificates. One for the Broker and one for all the participating Agents. You may select different algorithms and encryption key size (i.e. RSA, DSA with 1024 or 2048 key size).
Step 1.
View/list the contents of the custom/private certificates. Perform these steps for both certificates (Broker and Agent). Make a note of the Alias of the certificate, if it exists.
keytool -list -v -keystore HubCert.pfx -storetype pkcs12 |
HubCert.pfx |
Represents the custom/private certificate for the Broker. |
AgentCert.pfx |
Represents the custom/private certificate for the Agents. |
Note: The command will prompt you to enter the password you set on your custom certificate, if applicable.
Step 2:
Add the custom/private Broker certificate into the Broker keystore.
keytool -importkeystore -deststorepass plBroker4321 -destkeypass plBroker4321 -destkeystore broker.ks -srckeystore HubCert.pfx -srcstoretype PKCS12 -srcstorepass PASSWORD -alias ALIAS -destalias broker |
plBroker4321 |
The password you assign to the new Broker keystore. |
broker.ks |
Destination keystore that will be created containing the custom/private certificate. |
HubCert.pfx |
Custom/private certificate being imported into the new keystore. |
PASSWORD |
The password of the custom/private certificate, if it exists. If you omit the -srcstorepass command you will be prompted for the certificate password if needed. |
ALIAS |
The Alias of the custom/private certificate you discovered in Step 1 above. |
broker |
The Alias of the new keystore containing the custom/private. |
Note: The broker.cer and broker.ks files will be created in the \jre\bin folder where the keytool application resides.
Step 3:
Add the custom/private Agent certificate into the Client keystore.
keytool -importkeystore -deststorepass plClient4321 -destkeypass plClient4321 -destkeystore client.ks -srckeystore AgentCert.pfx -srcstoretype PKCS12 -srcstorepass PASSWORD -alias ALIAS -destalias client |
plClient4321 |
The password you assign to the new Broker keystore. |
client.ks |
Destination keystore that will be created containing the custom/private certificate. |
AgentCert.pfx |
Custom/private certificate being imported into the new keystore. |
PASSWORD |
The password of the custom/private certificate, if it exists. If you omit the -srcstorepass command you will be prompted for the certificate password if needed. |
ALIAS |
The Alias of the custom/private certificate you discovered in Step 1 above. |
client |
The Alias of the new keystore containing the custom/private. |
Note: The client.cer and client.ks files will be created in the \jre\bin folder where the keytool application resides.
Step 4:
Export the broker's certificate so it can be shared with clients.
keytool -export -alias broker -keystore broker.ks -file broker.cer |
broker |
The Alias of the broker keystore containing the custom/private certificate created in Step 2 above. |
broker.ks |
The keystore file created in Step 2 above containing the custom/private certificate for the Broker. |
broker.cer |
The certificate file created in Step 2 above. |
The command will prompt you to enter the password for the broker keystore (i.e. plBroker4321).
Step 5:
Export the client's certificate so it can be shared with broker.
keytool -export -alias client -keystore client.ks -file client.cer |
client |
The Alias of the client keystore containing the custom/private certificate created in Step 3 above. |
client.ks |
The keystore file created in Step 3 above containing the custom/private certificate for the Agents. |
client.cer |
The certificate file created in Step 3 above. |
The command will prompt you to enter the password for the client keystore (i.e. plClient4321).
Step 6:
Create a truststore for the broker, and import the client's certificate. This establishes that the broker "trusts" the client:
keytool -import -alias client -keystore broker.ts -file client.cer |
client |
The Alias of the client keystore containing the custom/private certificate created in Step 3 above. |
broker.ts |
The broker trustore to be created. |
client.cer |
The certificate file created in Step 3 above. |
The command will prompt you to enter the password for the broker keystore (i.e. plBroker4321).
Step 7:
Create a truststore for the client, and import the broker's certificate. This establishes that the client "trusts" the broker.
keytool -import -alias broker -keystore client.ts -file broker.cer |
broker |
The Alias of the client keystore containing the custom/private certificate created in Step 3 above. |
client.ts |
The client trustore to be created. |
client.cer |
The certificate file created in Step 2 above. |
The command will prompt you to enter the password for the client keystore (i.e. plClient4321).
Copy the generated keystore file into their appropriate location
On the Hub system: Copy the following files from the C:\Program Files\Peer Software\File Collaboration Enterprise\jre\bin" directory into the "C:\Program Files\Peer Software\File Collaboration Enterprise\Broker\keys" directory on the Hub system. Overwrite the existing files.
broker.ks
broker.ts
On the Agent system: Copy the following files from the "C:\Program Files\Peer Software\File Collaboration Enterprise\jre\bin" directory into the "C:\Program Files\Peer Software\PeerLink Agent\keys" directory on the Agent systems. Overwrite the existing files.
client.ks
client.ts
Restart all PeerLink services for the changes to take effect
Note: We recommend you create a folder outside the PeerLink Hub/Agent installation directories in which to store the keystore files. This will ensure that upgrades will not clear/overwrite these files. The steps outlining this process will be posted shortly.