Need

To allow the xDI clients (Designer) to connect to the License Server when SSL/TLS is enabled, you must have a certificate that will be loaded into the JVM used by xDI Designer.


Summarized Solution

The first steps describe how to generate a self-signed certificate. 

If you already have an official certificate, you don't need to generate a new one; use your certificate and configure it on the License Server.

So, you must:

  • Generate the certificate (only if you don't have an official one)

  • Declare it on your License Server

  • Load it into the JVM used by your Designer


Detailed Solution

How to generate a Certificate 

To create a Self-Signed Certificate, you can run the following keytool command, which is part of Java.

Depending on your xDI version, the command is different:

  • Starting with 2024.1.x
keytool -genkeypair -keyalg RSA -keysize 2048 -alias <YOUR_ALIAS> -ext "SAN:c=DNS:<YOUR LICENSE SERVER DNS>,IP:<YOUR LICENSE SERVER IP>" -validity 3650 -storepass <YOUR_PASSWORD> -keypass <YOUR_PASSWORD> -keystore <YOUR_JKS_NAME + PATH> -deststoretype pkcs12
  • Before 2024.1.x
keytool.exe -genkey -keyalg RSA -alias <alias> -keystore <keystore.jks> -storepass <password> -validity 365 -keysize 2048

Once you have your certificate, you can set the values in the license server's spring-context.xml file as described in the xDI Documentation.


How to load the Certificate into the xDI client's JVM

You can use, for example, the “Keystore Explorer” tool to export the Key Pair and load it into the JVM.


Using Keystore Explorer:

  1. Open the generated keystore <keystore.jks>

  2. Export the associated Key Pair:

    1. Go to the certificate view.

    2. Right-click on the certificate.

    3. Select "Export" and choose "Export Key Pair."

    4. Export the Key Pair in the PKCS12 format and select a destination path for the <pkcs12> file.

  3. Import the Key Pair into the cacerts keystore of the JVM:

    1. Navigate to the following path: lib -> security -> cacerts to open the cacerts of the JVM.

    2. Use the tool to import the Key Pair.

    3. Select <pkcs12> and enter its password

  4. Save and close the Keystore Explorer.


You can now start your Designer, and it will be able to connect to your License Server using an SSL connection.
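A keytool-only alternative to the Keystore Explorer steps above, as an added example that is not part of the original article: it exports only the server's public certificate and imports it as a trusted entry, so the License Server's private key never leaves the server (a TLS client only needs the certificate to trust the server). The function names are hypothetical and all paths, aliases and passwords are supplied by the caller.

```shell
#!/bin/sh
# Added example: trust the License Server certificate in the Designer JVM
# without copying the server's private key to the client.
# Function names are hypothetical; every value is passed in by the caller.

# Export only the public certificate (PEM) from the server keystore.
# usage: export_server_cert <keystore> <storepass> <alias> <out.pem>
export_server_cert() {
    keytool -exportcert -rfc -keystore "$1" -storepass "$2" \
            -alias "$3" -file "$4"
}

# Import that certificate as a trusted entry into a JVM trust store
# (the Designer JVM's lib/security/cacerts, or a copy of it).
# usage: trust_server_cert <truststore> <storepass> <alias> <cert.pem>
trust_server_cert() {
    keytool -importcert -noprompt -keystore "$1" -storepass "$2" \
            -alias "$3" -file "$4"
}

# Succeeds only if the alias is a certificate-only entry; fails if the
# entry holds a private key (PrivateKeyEntry) or does not exist.
# usage: is_cert_only_entry <truststore> <storepass> <alias>
is_cert_only_entry() {
    keytool -list -keystore "$1" -storepass "$2" -alias "$3" 2>/dev/null \
        | grep -q 'trustedCertEntry'
}
```

Run `is_cert_only_entry` against the Designer's cacerts after the import: a failure for the License Server alias means the entry holds a private key or does not exist.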