DevTest Solutions - 10.3

Use Your Own Self-Signed Certificate

Last update September 26, 2016

This example uses the keytool utility, which is in the Java Runtime Environment (JRE).

To create your own self-signed certificate:

  1. Work with your security administrator to create a self-signed certificate.

  2. Copy the certificate file to LISA_HOME and update{{LISA_HOME}}keystore.ks

  3. The first time DevTest reads the plain text password, it converts the password to an encrypted property:

    The server side of the connection configuration is complete.

  4. Configure the client.
    Because this certificate is self-signed, you explicitly tell the clients to trust the certificate. Typically, when you connect to an SSL service (for example, using a browser), a trusted Certification Authority certifies the certificate. Because a trusted third party does not certify self-signed certificates, you must add the certificate to a trust store: {{LISA_HOME}}trustStore.ts

    The same keytool utility manipulates trust stores. In general, a keystore contains one certificate and a trust store contains one or more certificates.

  5. Export the certificate from the server keystore:

    keytool -exportcert -rfc -alias serverA -keystore keyStore.ks -file serverA.cer

    The -rfc option exports the certificate as ASCII text instead of binary, to make it easier to copy and paste. In our example, the resulting serverA.cer file looks like the following example:

    -----END CERTIFICATE-----

  6. Add this certificate to the client trust store.
    Because you are creating a trust store file, you enter the password twice. If you add further certificates to this client trust store, you enter the password once.

    prompt> keytool -importcert -file serverA.cer -keystore trustStore.ts
    Enter keystore password:
    Re-enter new password:
    Owner: CN=serverA, OU=dev, O=itko, L=Dallas, ST=Texas, C=US
    Issuer: CN=serverA, OU=dev, O=itko, L=Dallas, ST=Texas, C=US
    Serial number: 4e155338
    Valid from: Thu Jul 07 16:33:28 EST 2011 until: Wed Oct 05 17:33:28 EST 2011
    Certificate fingerprints:
         MD5:  5B:10:F6:C8:02:3E:36:F5:AA:6D:FC:10:EF:F5:7F:54
         SHA1: 09:DA:8E:71:7C:D5:BB:44:89:14:13:07:F4:A1:C7:06:35:CD:BE:B1
         Signature algorithm name: SHA1withRSA
         Version: 3
    Trust this certificate? [no]:  yes
    Certificate was added to keystore

    Now you have a cryptographically strong way of talking to your DevTest servers in the public cloud. You must have the certificate on both sides for two DevTest components to talk to each other.

  7. If your client talks to more than one remote SSL server, run the same keytool command to import each server's certificate into the trust store.

    Note: In addition to the transport-level security (SSL), you can still enable fine-grained Access Control Lists (ACL). Access Control Lists let you require users to authenticate by user name and password. This type of security is similar to a banking website that uses HTTPS but still requires you to identify yourself.
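
In step 6, keytool prints the certificate fingerprints and then asks "Trust this certificate?". The following script is an added example, not part of the DevTest documentation: it compares the printed fingerprint with one obtained separately from the server's administrator and imports the certificate only when they match. The function names, the `import_pinned` wrapper and its arguments are assumptions made for illustration; the sample output is abridged from the session in step 6.

```shell
#!/bin/sh
# Added example: gate `keytool -importcert` on a fingerprint received out of band.

# Constructed sample: abridged keytool output from step 6 of this page.
SAMPLE_OUTPUT='Owner: CN=serverA, OU=dev, O=itko, L=Dallas, ST=Texas, C=US
Issuer: CN=serverA, OU=dev, O=itko, L=Dallas, ST=Texas, C=US
Serial number: 4e155338
Certificate fingerprints:
     MD5:  5B:10:F6:C8:02:3E:36:F5:AA:6D:FC:10:EF:F5:7F:54
     SHA1: 09:DA:8E:71:7C:D5:BB:44:89:14:13:07:F4:A1:C7:06:35:CD:BE:B1
     Signature algorithm name: SHA1withRSA'

# stdin -> stdout: reduce a fingerprint to uppercase hex, no colons or whitespace.
normalize_fp() {
    tr -d ': \t\r\n' | tr 'abcdef' 'ABCDEF'
}

# Read keytool output on stdin; print the fingerprint for label $1
# (MD5 or SHA1 as on this page; current JDKs also print SHA256).
extract_fp() {
    awk -v alg="$1" '
        { line = $0; sub(/^[ \t]+/, "", line) }
        index(line, alg ":") == 1 { sub(/^[^:]*:/, "", line); print line; exit }
    ' | normalize_fp
}

# Succeed only if stdin (keytool output) carries the pinned fingerprint.
# $1 = algorithm label, $2 = fingerprint obtained from the server's administrator.
fp_matches() {
    actual=$(extract_fp "$1")
    expected=$(printf '%s' "$2" | normalize_fp)
    [ -n "$actual" ] && [ "$actual" = "$expected" ]
}

# Hypothetical wrapper: import only after the pin check passes.
# $1 = cert file, $2 = alias, $3 = trust store, $4 = algorithm, $5 = pin.
import_pinned() {
    if keytool -printcert -file "$1" | fp_matches "$4" "$5"; then
        # -noprompt skips the "Trust this certificate?" question.
        keytool -importcert -noprompt -alias "$2" -file "$1" -keystore "$3"
    else
        echo "fingerprint mismatch for $1; certificate not imported" >&2
        return 1
    fi
}
```

A missing fingerprint line (for example, asking for SHA256 from output that only lists MD5 and SHA1) is treated as a mismatch, so the import is refused rather than silently allowed.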