Managing SSL Certificates

Obtaining an SSL Certificate

The platform provides a default self-signed certificate which is used by the Application Server.

To obtain and install your own SSL Certificate, make a request to a Certificate Authority (CA). An SSL certificate authenticates a website to a web browser, part of a security protocol to manage secure data exchange.

The CA will accept your Certificate Signing Request and generate a certificate which identifies your website as a secured website.

To create a Certificate Signing Request (CSR)

1. Create a keystore and a private key:

cd {install-dir}/profiles/IS_default/configuration/tomcat/conf/RN

keytool -genkey -alias tomcat -keyalg RSA -keysize 2048 -keystore {keystore_filename}

2. Create a CSR from the keystore

keytool -certreq -keyalg RSA -alias tomcat -file certreq.csr 
        -keystore {keystore_filename}

3. Submit the resulting file, certreq.csr, to the CA to obtain a certificate.
(When the certificate arrives, you are ready for the next step of steps.)

To Install the Certificate Obtained from the CA

Once you have obtained a certificate, you need to import it into the keystore.

But first, in addition to your certificate, the CA might provide a Chain/Root Certificate, which must also be imported. If you have received a chain certificate from the CA, then:

1. Copy the contents of the chain certificate into a file called chain

2. Import the chain certificate into your keystore:

keytool -import -alias root -keystore {keystore_filename} 
        -trustcacerts -file chain

When the chain certificate (if any) has been imported, you are ready for the final step:

3. Import the certificate received from the CA:

keytool -import -alias tomcat -keystore {keystore_filename} 
        -trustcacerts -file {certificate_filename}

To update a Customer SSL Certificate in AgileApps

1. Stop the Application server.

2. Update keystoreFile and keystorePass values in “com.softwareag.catalina.connector.https.pid-agileappsHttps-8284.properties” file available under

{install-dir}/profiles/IS_default/configuration/com.softwareag.platform.config.propsloader folder.

Note: The keystorePass value provided by you in plain text is encrypted automatically when you restart the AgileApps application server.

3. After updating the properties, place the certificate in the {install-dir}/profiles/IS_default/configuration/tomcat/conf folder.

4. Restart the memcached server and start the AgileApps application server.

Learn More

• Certificate Signing Request (CSR) Generation Instructions-Tomcat, at
  https://knowledge.verisign.com/support/ssl-certificates-support/index?page=content&id=AR227