You can configure a self-signed SSL certificate for browser sessions for test purposes by creating a private key, generating a certificate signing request (CSR), and applying the server certificate.
- Log on to the Analyzer detail view server through an SSH client (such as PuTTY) as the root user.
- Create a temporary directory and change to it:
mkdir /tmp/SelfSignedCertificate
cd /tmp/SelfSignedCertificate
- Create a private key using one of the following algorithms:
RSA:
openssl genrsa -out jettyPrivate.key
ECDSA:
openssl ecparam -out jettyPrivate.key -name prime256v1 -genkey
- Create a certificate signing request (CSR):
openssl req -new -key jettyPrivate.key -out certreq.csr
Follow the instructions displayed on the console to enter the details for your certificate request (including the CSR password). For the common name, make sure that you enter the fully qualified host name.
- Generate a self-signed certificate from the CSR:
openssl x509 -req -days 365 -in certreq.csr -signkey jettyPrivate.key -out certreq.cer
- Combine the private key and certificate in the jetty.pkcs12 file as shown in the following example:
openssl pkcs12 -export -inkey jettyPrivate.key -in certreq.cer -out jetty.pkcs12 -name jetty
Enter the export password. (The default is megha.jeos.)
Note: If you do not use the default password, you must edit the userKeystoreConfig.xml file as follows:
  - Open the userKeystoreConfig.xml file:
  vi /usr/local/megha/jetty/etc/userKeystoreConfig.xml
  - Update the following fields and save the file:
  KeyStorePassword
  KeyManagerPassword
  TrustStorePassword
If the password includes the following special characters, you must replace them as indicated when editing these fields:
  - Replace " with &quot;
  - Replace ' with &apos;
  - Replace < with &lt;
  - Replace > with &gt;
  - Replace & with &amp;
For example:
  - Replace abc"123 with abc&quot;123
  - Replace abc'123 with abc&apos;123
  - Replace abc&"123 with abc&amp;&quot;123
(Optional) If you do not want to store the password in clear text, you can convert it into OBF format using the following command and provide the converted password in the userKeystoreConfig.xml file. Note that OBF is a reversible obfuscation, not encryption.
java -cp /usr/local/megha/jetty/lib/jetty-util-<Jetty Version>.jar org.eclipse.jetty.util.security.Password "password_provided_when_creating_CSR"
For example:
java -cp /usr/local/megha/jetty/lib/jetty-util-12.0.4.jar org.eclipse.jetty.util.security.Password "abc&123"
If the password contains a double quotation mark ("), enclose the password in single quotation marks (' ') in the above command. For example: 'abc"123'
- Stop the crond service:
service crond stop
- Stop all the running services using the command:
/usr/local/megha/bin/stop-all-services.sh
- Create a backup of the existing keystore file using the following command:
mv /usr/local/megha/jetty/etc/keystore /usr/local/megha/jetty/etc/keystore-orig
- Import jetty.pkcs12 into the keystore to add the self-signed certificate, using the following command:
keytool -importkeystore -srckeystore jetty.pkcs12 -srcstoretype PKCS12 -destkeystore /usr/local/megha/jetty/etc/keystore -deststoretype PKCS12
Enter the destination and source keystore passwords you used in step 6.
- Change the ownership and permission of the keystore file:
chown megha:megha /usr/local/megha/jetty/etc/keystore
chmod og-rwx /usr/local/megha/jetty/etc/keystore
- Start the megha service using the command:
/usr/local/megha/bin/megha-jetty.sh start
- Start the crond service:
service crond start
- (Optional) Remove the SelfSignedCertificate directory if you will not need it in the future:
cd /tmp
rm -rf /tmp/SelfSignedCertificate
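
The key, CSR, certificate and PKCS#12 steps can be rehearsed and checked before any service is stopped. The script below is an added example, not part of the original procedure: it assumes OpenSSL's -subj and env: options as non-interactive stand-ins for the prompts, and the function names, host name and password are constructed for illustration.

```shell
#!/bin/sh
# Added example: rehearse the key/CSR/certificate/PKCS#12 steps, then verify them.
# Host name and password are constructed sample values.

# make_bundle DIR CN: key, CSR, self-signed certificate, PKCS#12 (non-interactive).
# The export password is read from $P12_PASS so it never appears in argv.
make_bundle() {
    ( cd "$1" || exit 1
      umask 077   # key material readable by the owner only
      openssl genrsa -out jettyPrivate.key 2>/dev/null &&
      openssl req -new -key jettyPrivate.key -out certreq.csr -subj "/CN=$2" &&
      openssl x509 -req -days 365 -in certreq.csr -signkey jettyPrivate.key \
          -out certreq.cer 2>/dev/null &&
      openssl pkcs12 -export -inkey jettyPrivate.key -in certreq.cer \
          -out jetty.pkcs12 -name jetty -passout env:P12_PASS )
}

# verify_bundle DIR CN: returns 0 only if all four checks pass.
verify_bundle() {
    key_pub=$(openssl pkey -in "$1/jettyPrivate.key" -pubout 2>/dev/null) || return 1
    crt_pub=$(openssl x509 -in "$1/certreq.cer" -noout -pubkey 2>/dev/null) || return 1
    # 1. The certificate carries the public half of this private key.
    [ "$key_pub" = "$crt_pub" ] || { echo "key/certificate mismatch" >&2; return 1; }
    # 2. The common name is the expected fully qualified host name.
    subj=$(openssl x509 -in "$1/certreq.cer" -noout -subject -nameopt RFC2253)
    case "$subj" in
        *"CN=$2"|*"CN=$2,"*) ;;
        *) echo "unexpected subject: $subj" >&2; return 1 ;;
    esac
    # 3. The certificate has not expired.
    openssl x509 -in "$1/certreq.cer" -noout -checkend 0 >/dev/null ||
        { echo "certificate expired" >&2; return 1; }
    # 4. The PKCS#12 file opens with the export password (MAC check).
    openssl pkcs12 -in "$1/jetty.pkcs12" -noout -passin env:P12_PASS 2>/dev/null ||
        { echo "cannot open jetty.pkcs12" >&2; return 1; }
}

# Demo in a throwaway directory.
demo_dir=$(mktemp -d)
P12_PASS='abc&"123'; export P12_PASS
make_bundle "$demo_dir" analyzer.example.test &&
    verify_bundle "$demo_dir" analyzer.example.test && echo "bundle OK"
rm -rf "$demo_dir"
```

A failed check here means the keystore import would load a certificate that does not match the key, the host name, or the password configured in userKeystoreConfig.xml.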