Deployment Guide

ManualsBrandsDell ManualsConverged InfrastructureEncryption

Configuration Guide 35

Create a Self-Signed Certificate Using Keytool and

Generate a Certificate Signing Request

NOTE: This section details the steps to create a self-signed certificate for the Java-based components. This process

cannot

be used to

create a self-signed certificate for

.NET-based components.

We recommend a self-signed certificate

only

in a non-production environment.

If your organization requires an SSL server certificate, or you need to create a certificate for other reasons, this section

describes the process to create a java keystore using the Keytool.

Keytool creates private keys that are passed in the format of a Certificate Signing Request (CSR) to a Certificate Authority

(CA), such as VeriSign® or Entrust®. The CA will then, based on this CSR, create a server certificate that it signs. The

server certificate is then downloaded to a file along with the signing authority certificate. The certificates are then

imported into the cacerts file.

Generate a New Key Pair and a Self-Signed Certificate

Navigate to the

conf

directory of the Compliance Reporter, Console Web Services, Device Server, or Gatekeeper Web

Services.

Back up the default certificate database:

Click

Start

Run

, and type

move cacerts cacerts.old

Add Keytool to the system path. Type the following command in a command prompt:

set path=%path%;%dell_java_home%\bin

To generate a certificate, run Keytool as shown:

keytool -genkey -keyalg RSA -sigalg SHA1withRSA -alias dell -keystore .\cacerts

Enter the following information as the Keytool prompts for it.

NOTE: Back up configuration files before editing them. Only change the specified parameters. Changing other data in these files, including

tags, can cause system corruption and failure. Dell cannot guarantee that problems resulting from unauthorized changes to these

files can be solved without reinstalling the Enterprise Server.

•

Keystore password:

Enter a password (unsupported characters are <>;&” ’), and set the variable in the component

conf

file to the same value, as follows:

<Compliance Reporter install dir>\conf\eserver.properties. Set the value eserver.keystore.password =

<Console Web Services install dir>\conf\eserver.properties. Set the value eserver.keystore.password =

<Device Server install dir>\conf\eserver.properties. Set the value eserver.keystore.password =

•

First and last name:

Enter the fully qualified name of the server where the component you are working with is

installed. This fully qualified name includes the host name and the domain name (example, server.dell.com).

•

Organizational unit:

Enter the appropriate value (example, Security).