Use Existing Certificate

<< Click to Display Table of Contents >>

Navigation:  Peer Management Center Help > Advanced Configuration > Custom SSL Intergration >

Use Existing Certificate

Previous pageReturn to chapter overviewNext page

 

Perform the necessary commands using the keytool application bundled with your Peer Management Center or Peer Agent installation (Java 6).

 

Keytool location on Peer Management Center system:

C:\Program Files\Peer Software\Peer Management Hub\jre\bin

Keytool location on Peer Agent system:

C:\Program Files (x86)\Peer Software\Peer Agent\jre\bin

 

 

Peer Management Center Broker and Peer Agent Keystore Generation

 

You will need to have two custom/private certificates. One for the Peer Management Center Broker and one for all the participating Peer Agents. You may select different algorithms and encryption key size (i.e. RSA, DSA with 1024 or 2048 key size).

 

Step 1.

 

View/list the contents of the custom/private certificates. Perform these steps for both certificates (Peer Management Center Broker and Peer Agent). Make a note of the Alias of the certificate, if it exists.

 

keytool -list -v -keystore HubCert.pfx -storetype pkcs12

 

 

Note: The command will prompt you to enter the password you set on your custom certificate, if applicable.

 

Step 2:

 

Add the custom/private Peer Management Center Broker certificate into the Peer Management Center Broker keystore.

 

keytool -importkeystore -deststorepass plBroker4321 -destkeypass plBroker4321 -destkeystore broker.ks -srckeystore HubCert.pfx -srcstoretype PKCS12 -srcstorepass PASSWORD -alias ALIAS -destalias broker

 

 

Note: The broker.cer and broker.ks files will be created in the \jre\bin  folder where the keytool application resides.

 

Step 3:

 

Add the custom/private Peer Agent certificate into the Client keystore.

 

keytool -importkeystore -deststorepass plClient4321 -destkeypass plClient4321 -destkeystore client.ks -srckeystore AgentCert.pfx -srcstoretype PKCS12 -srcstorepass PASSWORD -alias ALIAS -destalias client

 

 

Note: The client.cer and client.ks files will be created in the \jre\bin  folder where the keytool application resides.

 

Step 4:

 

Export the broker's certificate so it can be shared with clients.

 

keytool -export -alias broker -keystore broker.ks -file broker.cer

 

 

The command will prompt you to enter the password for the broker keystore (i.e. plBroker4321).

 

Step 5:

 

Export the client's certificate so it can be shared with broker.

 

keytool -export -alias client -keystore client.ks -file client.cer

 

 

The command will prompt you to enter the password for the client keystore (i.e. plClient4321).

 

Step 6:

 

Create a truststore for the broker, and import the client's certificate. This establishes that the broker "trusts" the client:

 

keytool -import -alias client -keystore broker.ts -file client.cer

 

client

broker.ts

client.cer

 

The command will prompt you to enter the password for the broker keystore (i.e. plBroker4321).

 

Step 7:

 

Create a truststore for the client, and import the broker's certificate. This establishes that the client "trusts" the broker.

 

keytool -import -alias broker -keystore client.ts -file broker.cer

 

broker

client.ts

client.cer

 

The command will prompt you to enter the password for the client keystore (i.e. plClient4321).

 

Copy the generated keystore file into their appropriate location

 

On the Peer Management Center system: Copy the following files from the C:\Program Files\Peer Software\File Collaboration Enterprise\jre\bin" directory into the "C:\Program Files\Peer Software\File Collaboration Enterprise\Broker\keys" directory on the Peer Management Center system. Overwrite the existing files.

 

broker.ks

broker.ts

 

On the Peer Agent system: Copy the following files from the "C:\Program Files\Peer Software\File Collaboration Enterprise\jre\bin" directory into the "C:\Program Files\Peer Software\PeerLink Agent\keys" directory on the Peer Agent systems. Overwrite the existing files.

 

client.ks

client.ts

 

Restart all Peer Management Center services for the changes to take effect

 

Note: We recommend you create a folder outside the Peer Management Center/Peer Agent installation directories in which to store the keystore files. This will ensure that upgrades will not clear/overwrite these files. The steps outlining this process will be posted shortly.