In order to allow the xDI clients to connect to the License Server when SSL/TLS is enabled, you must have a certificate that will be loaded into the JVM used by xDI Designer.
The first steps describe how to generate a self-signed certificate.
If you have an official one, you don't need to generate a new one, you can use your own certificate and configure it in the license server.
So, you must
- Generate the certificate (only if you don't have an official one)
- Declare it on your License Server
- Load it into the JVM used by your Designer
How to generate a Certificate
In order to create a Self-Signed Certificate, you can run the following keytool command, which is part of Java.
keytool.exe -genkey -keyalg RSA -alias <alias> -keystore <keystore.jks> -storepass <password> -validity 365 -keysize 2048
Now that you have your certificate, you can set the values in the license server's spring-context.xml as described in the xDI Documentation.
How to load the Certificate in the xDI clients JVM
You can use for example, the "Keystore Explorer" tool to export the Key Pair and load it into the JVM.
Using Keystore Explorer:
- Open the generated keystore <keystore.jks>
- Export the associated Key Pair:
- Go to the certificate view.
- Right-click on the certificate.
- Select "Export" and choose "Export Key Pair."
- Export the Key Pair in the PKCS12 format and select a destination path for the <pkcs12> file
- Import the Key Pair into the cacerts keystore of the JVM:
- Navigate to the following path: lib -> security -> cacerts to open the cacerts of the JVM.
- Use the tool to import the Key Pair.
- Select <pkcs12> and enter its password
- Save and close Keystore Explorer.
You can now start your Designer, and it will be able to connect to your License Server using SSL connection.