Description
When using self-signed certificates for FNMEA, each server's keystore must trust the other server's certificate, and the Common Name of each certificate must match the hostname the other server uses to connect to it. If either condition is missing, the TLS connection between the two servers fails (untrusted certificate or hostname verification failure).
How to
To get this working on a two-machine setup:
- FNMEA (admin) is installed on the machine named Admin_1, and reporting is installed on the machine named Reporting_1.
- Use the command "keytool -keystore admin -alias tomcat -genkey -keyalg RSA" to create the keystore for the admin server in a file called "admin".
- When prompted, I gave the machine name (Admin_1) for the Common Name.
- Use the command "keytool -keystore reporting -alias tomcat -genkey -keyalg RSA" to create the keystore for the reporting server in a file called "reporting".
- When prompted, I gave the machine name (Reporting_1) for the Common Name.
- Use the command "keytool -export -alias tomcat -file fnmea_reporting.cer -keystore reporting" to extract the reporting certificate.
- Use the command "keytool -export -alias tomcat -file fnmea_admin.cer -keystore admin" to extract the admin certificate.
- Use the command "keytool -import -trustcacerts -keystore admin -file fnmea_reporting.cer" to add the reporting certificate to the admin keystore.
- Use the command "keytool -import -trustcacerts -keystore reporting -file fnmea_admin.cer" to add the admin certificate to the reporting keystore.
Once this is done, I have two keystore files, and running "keytool -list" against each of them looks a bit like this:
Note that we have two keystores, each with a PrivateKeyEntry under the alias tomcat (the server's own key and self-signed certificate), and each with a trustedCertEntry holding the tomcat certificate exported from the other keystore.
Then:
- I configure admin (using site make) to use the admin keystore. I also make sure that admin references the reporting server by the name I used for its Common Name (Reporting_1).
- I configure reporting (using site make) to use the reporting keystore. I also make sure that reporting references the admin server by the name I used for its Common Name (Admin_1).
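The whole procedure above as one script, added here as an example; it is not part of the original write-up. It keeps the two hostnames and the tomcat alias from the steps, while the store password, key size, validity period and the aliases given to the imported certificates (reporting-server, admin-server) are assumptions. It also adds two checks worth doing before pointing the site config at a keystore: that the trusted entry's CN is exactly the hostname the other side will use, and that the fingerprint of the imported entry matches the .cer file that was copied over.

```shell
#!/usr/bin/env sh
# Added example, not from the original write-up. Builds the admin and reporting
# keystores, cross-imports the certificates and verifies the result.
# Assumed (not in the original): STOREPASS, key size, validity, trusted-entry aliases.
set -eu

ADMIN_HOST="${ADMIN_HOST:-Admin_1}"             # name reporting will use to reach admin
REPORTING_HOST="${REPORTING_HOST:-Reporting_1}" # name admin will use to reach reporting
STOREPASS="${STOREPASS:-changeit}"              # assumed; use a real secret in practice
WORKDIR="${WORKDIR:-$(mktemp -d)}"

# Self-signed RSA key pair for one server. The CN must be exactly the hostname
# the other side connects with, otherwise hostname verification fails.
make_keystore() {
    store="$1"; host="$2"
    keytool -genkeypair -keystore "$store" -alias tomcat -keyalg RSA -keysize 2048 \
        -validity 365 -storepass "$STOREPASS" -keypass "$STOREPASS" \
        -dname "CN=$host, OU=FNMEA, O=Example"
}

# Export the server's own certificate (PEM) so it can be copied to the other machine.
export_cert() {
    keytool -exportcert -rfc -keystore "$1" -alias tomcat -file "$2" -storepass "$STOREPASS"
}

# Import the other server's certificate as a trusted entry under a descriptive alias.
# -trustcacerts is not needed here: a self-signed certificate chains to nothing in cacerts.
import_cert() {
    store="$1"; alias="$2"; file="$3"
    keytool -importcert -noprompt -keystore "$store" -alias "$alias" -file "$file" -storepass "$STOREPASS"
}

# SHA-256 fingerprint of a .cer file, to compare out of band before importing it.
fingerprint_of_file() {
    keytool -printcert -file "$1" | sed -n 's/.*SHA256: *//p'
}

# SHA-256 fingerprint of an entry already in a keystore.
fingerprint_in_store() {
    keytool -list -v -keystore "$1" -alias "$2" -storepass "$STOREPASS" | sed -n 's/.*SHA256: *//p'
}

# CN of a trusted entry, for comparison with the hostname used in the site config.
trusted_cn() {
    keytool -list -v -keystore "$1" -alias "$2" -storepass "$STOREPASS" | sed -n 's/^Owner: CN=\([^,]*\).*/\1/p'
}

# Number of entries of one type (PrivateKeyEntry or trustedCertEntry) in a keystore.
count_entries() {
    keytool -list -keystore "$1" -storepass "$STOREPASS" | grep -c "$2" || true
}

# Succeeds only if the trusted entry's CN equals the hostname the config will use.
check_remote_name() {
    [ "$(trusted_cn "$1" "$2")" = "$3" ]
}

# The steps from the write-up, run from scratch so the script can be re-run.
build_keystores() {
    rm -f "$WORKDIR/admin" "$WORKDIR/reporting"
    make_keystore "$WORKDIR/admin" "$ADMIN_HOST"
    make_keystore "$WORKDIR/reporting" "$REPORTING_HOST"
    export_cert "$WORKDIR/admin" "$WORKDIR/fnmea_admin.cer"
    export_cert "$WORKDIR/reporting" "$WORKDIR/fnmea_reporting.cer"
    import_cert "$WORKDIR/admin" reporting-server "$WORKDIR/fnmea_reporting.cer"
    import_cert "$WORKDIR/reporting" admin-server "$WORKDIR/fnmea_admin.cer"
}

# Report whether a keystore's trusted entry matches the expected remote hostname.
report() {
    if check_remote_name "$1" "$2" "$3"; then
        echo "$1 trusts $3 (alias $2)"
    else
        echo "$1: CN mismatch for alias $2, expected $3"
    fi
}

if command -v keytool >/dev/null 2>&1; then
    build_keystores
    for store in admin reporting; do
        echo "== $WORKDIR/$store"
        keytool -list -keystore "$WORKDIR/$store" -storepass "$STOREPASS"
    done
    report "$WORKDIR/admin" reporting-server "$REPORTING_HOST"
    report "$WORKDIR/reporting" admin-server "$ADMIN_HOST"
else
    echo "keytool not found on PATH; install a JDK and rerun" >&2
fi
```

Run it on a machine with a JDK on the PATH; it writes the keystores and .cer files into a temporary directory (override WORKDIR, ADMIN_HOST, REPORTING_HOST and STOREPASS in the environment). With two real machines, run the genkeypair and export steps on each and carry only the .cer files across, comparing the SHA-256 fingerprint from "keytool -printcert" at both ends before importing. Java's hostname verifier uses dNSName Subject Alternative Names when the certificate has any and falls back to the CN only when it has none, so for hostnames that are valid DNS names add "-ext SAN=dns:<host>" to the genkeypair command; keytool may reject the underscore in names like Admin_1 for a dNSName, which is why this script relies on the CN, as the write-up does.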