Import an Existing Certificate

Exalead CloudView allows you to use your own certificate signed by a trusted certificate authority.


Before you begin:

The following properties are required:

  • For the public certificate located at DATADIR/security/<hostname>-<instance>.cert:

    • Generated key length must be: 2048 bits.

    • Modulus must be: 2048 bits.

    • Stored in a DER file format.

  • For the private key located at DATADIR/security/<hostname>-<instance>.key:

    • The Private key (.key file) is stored in a standard unencrypted PEM file format. The generated key length must be 2048 bits. It must use the following header and footer:

      -----BEGIN PRIVATE KEY-----
      -----END PRIVATE KEY-----
  1. Check the certificate format using the following command, where <format> is DER or PEM depending on your needs:

    openssl x509 -in <infile.cert> -text -inform <format>

  2. Private keys are usually stored in encrypted PEM files. Convert the key to an unencrypted file. You can use openssl on the command line:

    openssl pkcs8 -topk8 -in <key> -out <hostname>-<instance>.key -nocrypt

  3. Verify that the certificate and the private key (.key file) are stored using UNIX LF end of line characters:
    • On Windows, you can use the following tool: http://www.thefreecountry.com/tofrodos/index.shtml.
    • On UNIX, you can use dos2unix.
  4. Overwrite the key and certificate files generated at installation time in DATADIR/security. If you are using an alias, the Private key name must use the alias and not the default <hostname>-<instance>. Perform this step on each product instance. These files are located at:
    • The public certificate: DATADIR/security/<hostname>-<instance>.cert
    • The Private key: DATADIR/security/<hostname>-<instance>.key
  5. Add the server certificate to the truststore of every product instance:

    keytool -import -file <.cert file (DER)> -alias <jetty> -keystore DATADIR/security/trusted.servers.ks -storepass <exalead>
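
The checks from the prerequisites and steps 1 to 3 can be run in one pass before overwriting the files in step 4. The script below is an added example, not part of the CloudView documentation or tooling: it assumes openssl is on the PATH and an RSA key, its function names are hypothetical, and it applies the LF check to the PEM key file only. It also confirms that the certificate and the key share the same modulus, a check the steps above do not list.

```shell
#!/usr/bin/env bash
# Added example (not Exalead tooling): pre-flight checks before overwriting
# the files in DATADIR/security. Usage: check_pair.sh <cert.der> <key.pem>

# Key must carry the exact unencrypted PKCS#8 header and footer lines.
key_is_pkcs8_pem() {
    [ "$(head -n 1 "$1" | tr -d '\r')" = "-----BEGIN PRIVATE KEY-----" ] &&
    [ "$(tail -n 1 "$1" | tr -d '\r')" = "-----END PRIVATE KEY-----" ]
}

# True when the file contains no carriage returns (UNIX LF line endings).
has_lf_only() {
    [ "$(tr -cd '\r' < "$1" | wc -c)" -eq 0 ]
}

# Bit length of an RSA modulus given openssl's "Modulus=<hex>" line.
modulus_bits() {
    local hex="${1#Modulus=}"
    echo $(( ${#hex} * 4 ))
}

# Each prints "Modulus=<hex>" or fails; -passin pass: avoids a passphrase prompt.
cert_modulus() { openssl x509 -inform DER -in "$1" -noout -modulus 2>/dev/null; }
key_modulus()  { openssl rsa -in "$1" -passin pass: -noout -modulus 2>/dev/null; }

# Run all checks in order; print the first failure, or "ok".
check_pair() {
    local cert="$1" key="$2" cm km
    key_is_pkcs8_pem "$key" || { echo "key: not unencrypted PKCS#8 PEM"; return 1; }
    has_lf_only "$key" || { echo "key: contains CR characters"; return 1; }
    cm=$(cert_modulus "$cert") || { echo "cert: not a DER X.509 file"; return 1; }
    km=$(key_modulus "$key") || { echo "key: not a readable RSA key"; return 1; }
    [ "$(modulus_bits "$cm")" -eq 2048 ] || { echo "cert: modulus is not 2048 bits"; return 1; }
    [ "$cm" = "$km" ] || { echo "cert and key do not match"; return 1; }
    echo "ok"
}

# Only runs when invoked with both file arguments.
if [ "$#" -eq 2 ]; then check_pair "$1" "$2"; fi
```

A mismatch between the certificate and key moduli means the .cert and .key files do not belong together, which is easier to catch here than after the product instance fails to start TLS.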