Guide will cover:
• How to create Java keystore and CSR with portecle tool
• How to submit CSR to Certificate Authority (CA)
• How to import certificate from CA
• How to configure keystore on webNetwork server
Requirements:
• Purchase SSL certificate from CA vendor
• Examples of CA providers: GoDaddy, RapidSSL, DigiCert, GeoTrust, etc.
How to create Java keystore and CSR with portecle tool
Purpose:
• webNetwork runs on a java-based webserver called Jetty and requires a java keystore for SSL
• You must create a keystore and certificate request (CSR) for Certificate Authority (CA) vendor
Steps:
1. Download portecle tool
2. Extract ZIP file and launch portecle.jar
3. Click file and select New Keystore
4. Choose JKS then click OK
5. Click Tools then choose Generate Key Pair...
6. Choose RSA 2048 then click OK
7. Change Signature Algorithm to SHA256withRSA
8. Input proper information in the fields then click OK
9. Leave Alias as default and click OK
10. Enter password for keystore
11. Verify successful creation then click OK
12. Go to File and select Save Keystore As...
13. Enter password again then click OK
14. Enter file name and click Save
15. Right-click on highlighted keystore and select Generate Certificate Request (CSR)
16. Click Generate
17. Verify CSR was created successfully then click OK
1. Download portecle tool
2. Extract ZIP file and launch portecle.jar
3. Click file and select New Keystore
5. Click Tools then choose Generate Key Pair...
6. Choose RSA 2048 then click OK
8. Input proper information in the fields then click OK
• IMPORTANT- Common Name (CN) should be the name of your domain and certificate purchased
9. Leave Alias as default and click OK
10. Enter password for keystore
• IMPORTANT- document the password for later use in webNetwork and make sure it is a complex password
12. Go to File and select Save Keystore As...
13. Enter password again then click OK
• IMPORTANT- make sure it's the same password entered earlier
14. Enter file name and click Save
15. Right-click on highlighted keystore and select Generate Certificate Request (CSR)
16. Click Generate
17. Verify CSR was created successfully then click OK
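Before submitting, the CSR can be checked against the choices made in steps 6 to 8. The script below is an added example, not part of the original guide or of portecle; it assumes OpenSSL is installed, and check_csr, make_sample_csr, company.csr and portal.example.com are hypothetical names.

```bash
#!/usr/bin/env bash
# Added example: check a PEM CSR before pasting it into the CA's form.
# check_csr, make_sample_csr and the sample domain are hypothetical names.

check_csr() {
    local csr="$1" expected_cn="$2" text cn bits sigalg rc=0

    # A CSR is self-signed; if this fails the file is damaged or not a CSR.
    if ! openssl req -in "$csr" -noout -verify 2>&1 | grep -q "verify OK"; then
        echo "FAIL: not a readable CSR, or its signature does not verify"
        return 1
    fi

    text=$(openssl req -in "$csr" -noout -text)
    cn=$(openssl req -in "$csr" -noout -subject -nameopt multiline |
        sed -n 's/^ *commonName *= *//p')
    bits=$(printf '%s\n' "$text" |
        sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p')
    sigalg=$(printf '%s\n' "$text" |
        sed -n 's/.*Signature Algorithm: *//p' | head -n 1)

    # Step 8: the Common Name must be the domain the certificate was bought for.
    if [ "$cn" != "$expected_cn" ]; then
        echo "FAIL: CN is '$cn', expected '$expected_cn'"; rc=1
    fi
    # Step 6: RSA 2048 (a larger key also passes this check).
    if [ -z "$bits" ] || [ "$bits" -lt 2048 ]; then
        echo "FAIL: key is '${bits:-unknown}' bits, expected 2048 or more"; rc=1
    fi
    # Step 7: SHA256withRSA, which OpenSSL prints as sha256WithRSAEncryption.
    if [ "$sigalg" != "sha256WithRSAEncryption" ]; then
        echo "FAIL: signature algorithm is '$sigalg'"; rc=1
    fi
    if [ "$rc" -eq 0 ]; then
        echo "OK: CN=$cn, $bits-bit key, $sigalg"
    fi
    return "$rc"
}

# Constructed sample input: a throwaway key and CSR, not one made by portecle.
make_sample_csr() {
    openssl req -new -newkey rsa:2048 -nodes -sha256 -subj "/CN=$1" \
        -keyout "$2.key" -out "$2" 2>/dev/null
}

# Usage with a real file (placeholder names): check_csr company.csr portal.example.com
```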
How to submit CSR to Certificate Authority (CA)
Purpose:
• Certificate Authority vendor needs CSR to generate certificate file
Steps:
1. Submit to CA vendor
• All vendors handle submission and verification slightly differently
• Vendors typically won't let you upload a file, so open the CSR file with notepad and copy the contents to vendor site
• If you did not register your domain with the same vendor who you purchased SSL certificate from, you may need to verify you own the domain
• Typically ownership verification is done by WHOIS lookup of the domain and contacting the technical and admin contacts (may differ depending on CA vendor chosen)
• Typically verification and submission take a few hours or less
How to import certificate from CA
Purpose:
• Certificate needs to be imported into keystore before placing on webNetwork servers
Steps:
1. Right-click on keystore and choose Import CA Reply
2. Click OK
3. Click OK again
4. Click Yes
5. Enter password
6. Verify successful
7. Go to File then Save Keystore
1. Right-click on keystore and choose Import CA Reply
• For the portecle tool, the certificate must be in P7B format
• If you need to convert the certificate to P7B, you can use Internet Explorer to help with the process
• Simply go to Tools -> Internet Options -> Content -> Certificates and use the Import/Export buttons
3. Click OK again
4. Click Yes
5. Enter password
6. Verify successful
How to configure keystore on webNetwork server
Purpose:
• You'll need to configure webNetwork server(s) to use the new keystore file and match up keystore password with relayuser
Steps:
1. Copy keystore file to webNetwork server(s)
2. Go to webAdmin tool
3. Expand Relay Admin and click on relay object
4. Change certificate path to match your keystore file
5. Click Save button
6. Expand User-Group Admin folder
7. Expand Users object
8. Click on relayuser
9. Click Authentication tab
10. Click "Change" button
11. Change password to match keystore password
12. Verify password has been changed
13. Close webAdmin
14. Logout
15. Go to Server Management Console
16. Go to Services tab
17. Right-click on relay object
18. Click Properties
19. Change password to match keystore password
20. Click Save button
21. Click Setting tab then shutdown button
22. Click OK button
23. Verify webNetwork service is shutdown
24. Change relayuser password in directory
25. Startup webNetwork service
1. Copy keystore file to webNetwork server(s)
• Copy to stoneware\config directory
• Example keystore file was called company.jks
3. Expand Relay Admin and click on relay object
5. Click Save button
6. Expand User-Group Admin folder
7. Expand Users object
9. Click Authentication tab
10. Click "Change" button
11. Change password to match keystore password
• IMPORTANT- relayuser password must match earlier keystore password entered with portecle tool
12. Verify password has been changed
14. Logout
15. Go to Server Management Console
• https://127.0.0.1:8090
16. Go to Services tab
• Some services will be marked red and that is normal behavior because you do not have a full license
17. Right-click on relay object
19. Change password to match keystore password
• IMPORTANT- relayuser password must match earlier keystore password entered with portecle tool
21. Click Setting tab then shutdown button
22. Click OK button
23. Verify webNetwork service is shutdown