Creating New Certificates

<< Click to Display Table of Contents >>

Navigation:  Peer Global File Service Help > Advanced Topics > TLS Certificates >

Creating New Certificates

Perform the necessary commands using the keytool application bundled with your Peer Management Center or Peer Agent installation.

Keytool location on Peer Management Center system:

PMC_INSTALLATION_FOLDER\jre\bin

Keytool location on Peer Agent system:

PEER_AGENT_INSTALLATION_FOLDER\jre\bin

Broker Keystore Generation

Step 1. Using keytool, create a certificate for the Peer Management Center.

keytool -genkey -alias broker -keyalg RSA -keystore broker.ks -storepass plBroker4321 -validity 3000

 

broker

The alias of the new broker keystore containing the new certificate.

broker.ks

Destination broker keystore that will be created containing the new certificate.

plBroker4321

The password you assign to the new broker keystore.

Note: The broker.ks file will be created in the \jre\bin folder.

Example:

SSL_Integration_1

Step 2: Export the broker's certificate so it can be shared with clients.

keytool -export -alias broker -keystore broker.ks -file broker.cer

 

broker

The alias of the new broker keystore containing the new certificate.

broker.ks

Destination broker keystore that will be created containing the new certificate.

broker.cer

The name of the broker's certificate to be created.

Note: The broker.cer file will be created in the \jre\bin folder.

Example:

SSL_Integration_2

Step 3: Create a certificate/keystore for the client.

keytool -genkey -alias client -keyalg RSA -keystore client.ks -storepass plClient4321 -validity 3000

 

client

The alias of the new client keystore containing the new certificate.

client.ks

Destination keystore for the client that will be created containing the new certificate.

plClient4321

The password you assign to the new client keystore.

Note: The client.ks file will be created in the \jre\bin folder.

Example:

SSL_Integration_3

Step 4: Create a truststore for the client and then import the broker's certificate.  This establishes that the client "trusts" the broker.

keytool -import -alias broker -keystore client.ts -file broker.cer -storepass plClient4321

 

broker

The alias of the broker keystore created in step 1.

client.ts

Destination truststore for the client that will be created containing the broker's certificate.

broker.cer

The broker's certificate created in step 2.

plClient4321

The password assigned to the client keystore in Step 3.

Example:

SSL_Integration_4

Optional: List the certificates in the broker keystore.

keytool -list -v -keystore broker.ks -storepass plBroker4321

Example:

SSL_Integration_5

Verify Client Certificate

If you want to verify client certificates, you need to take a few extra steps.

Step 1: Export the client's certificate so it can be shared with broker.

keytool -export -alias client -keystore client.ks -file client.cer -storepass plClient4321

Note: The client.cer file will be created in the \jre\bin folder.

Example:

SSL_Integration_6

Step 2: Create a truststore for the broker, and import the client's certificate.  This establishes that the broker "trusts" the client:

keytool -import -alias client -keystore broker.ts -file client.cer -storepass plBroker4321

Example:

SSL_Integration_7

Optional: List the certificates in the client keystore.

keytool -list -v -keystore client.ks -storepass plClient4321

Example:

SSL_Integration_8

Copy the Generated Keystore Files into Their Appropriate Location

On the Peer Management Center system: Copy the following files from the "C:\Program Files\Peer Software\Peer Management Hub\jre\bin" directory into the "C:\Program Files\Peer Software\Peer Management Hub\Broker\keys" directory on the Peer Management Center system.  Overwrite the existing files.

broker.ks

broker.ts

On the Peer Agent system: Copy the following files from the "C:\Program Files\Peer Software\Peer Management Hub\jre\bin" directory into the "C:\Program Files\Peer Software\Peer Agent\keys" directory on the Peer Agent systems.  Overwrite the existing files.

client.ks

client.ts

Restart All Peer Management Center Services for the Changes to Take Effect

We recommend you create a folder outside the Peer Management Center/Peer Agent installation directories in which to store the keystore files. This will ensure that upgrades will not clear/overwrite these files. The steps outlining this process will be posted shortly.