Update the digital certificate
The Release Setup Wizard can generate a self-signed digital certificate for secure communications.
This can cause issues in situations where Release needs to be accessed via a URL other than https://localhost:5516, because the common name in the certificate is localhost. For more information, see Install Release using a manual setup.
View the certificate
To view the certificate, use the keytool utility, which is part of the Java JDK distribution, on the Release server:
keytool -list -keystore conf/keystore.jks -v
Sample output:
***************** WARNING WARNING WARNING *****************
* The integrity of the information stored in your keystore *
* has NOT been verified! In order to verify its integrity, *
* you must provide your keystore password. *
***************** WARNING WARNING WARNING *****************
Keystore type: JKS
Keystore provider: SUN
Your keystore contains 1 entry
Alias name: jetty
Creation date: Jun 3, 2014
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=localhost, O=Release Server, C=NL
Issuer: CN=localhost, O=Release Server, C=NL
Serial number: 38e4ab60
Valid from: Tue Jun 03 11:24:19 CEST 2014 until: Thu Jun 04 11:24:19 CEST 2015
Certificate fingerprints:
MD5: 04:C1:91:34:70:FA:CD:16:DA:FA:F0:E3:1B:AC:81:9B
SHA1: AA:D2:54:0E:04:8A:56:51:80:74:6B:9C:B9:F1:6D:7F:2F:F9:88:0F
SHA256: 5E:80:50:86:B8:C3:73:66:44:36:E2:AA:54:25:B4:F3:2B:DF:CC:78:31:0D:24:E5:8A:64:C9:10:A2:17:BB:AB
Signature algorithm name: SHA256withRSA
Version: 3
Extensions:
#1: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 5D 37 E4 76 6E 59 C9 59 28 A3 DF FF 01 92 70 3E ]7.vnY.Y(.....p>
0010: 0B 04 B0 5F ..._
]
]
*******************************************
*******************************************
note
The alias name is jetty. Release looks up the certificate using this key.
To update the digital certificate
- Move the current conf/keystore.jks file to a different location.
- Use keytool in the XL_RELEASE_SERVER_HOME directory:
  keytool -genkey -keyalg RSA -alias jetty -keystore conf/keystore.jks -validity 360 -keysize 2048
- Choose a keystore password.
- Enter the host name that you want to use to access Release.
This is a sample of the output:
Enter keystore password:
Re-enter new password:
What is your first and last name?
What is the name of your organizational unit?
[Unknown]:
What is the name of your organization?
[Unknown]:
What is the name of your City or Locality?
[Unknown]:
What is the name of your State or Province?
[Unknown]:
What is the two-letter country code for this unit?
[Unknown]:
Is CN=yourservername.yourdomain.com, OU=Unknown, O=Unknown, L=Unknown, ST=Unknown, C=Unknown correct?
Enter key password for <jetty>
(RETURN if same as keystore password):
- Update the following settings in conf/xl-release-server.conf:
  keystore.password=yourpassword
  keystore.keypassword=yourpassword
note
If you require a more complex digital certificate, generate it with OpenSSL and import it using keytool with the alias jetty.
For more information about SSL and Jetty, see the Jetty documentation.
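After generating or importing a certificate, it is worth confirming that the jetty entry carries the host name clients will use rather than localhost. The following is an added example, not part of the Release documentation: the function names, the SAMPLE text and the host release.example.com are constructed for illustration, and the parser assumes the `keytool -list -v` line layout shown in the sample output above.

```sh
#!/bin/sh
# Added example (not from the Release docs): check which CN the keystore entry
# that Release uses actually carries. Real use, run in XL_RELEASE_SERVER_HOME:
#   keytool -list -v -keystore conf/keystore.jks | check_keystore_cn jetty HOST

# Constructed sample: trimmed `keytool -list -v` output with two entries.
SAMPLE='Alias name: other
Entry type: PrivateKeyEntry
Owner: CN=release.example.com, O=Example, C=NL
Issuer: CN=Example CA, O=Example, C=NL
Alias name: jetty
Entry type: PrivateKeyEntry
Owner: CN=localhost, O=Release Server, C=NL
Issuer: CN=localhost, O=Release Server, C=NL'

# Print the CN from the first Owner line that belongs to alias $1 (stdin:
# keytool output). Tracks the current alias so other entries are ignored.
owner_cn_for_alias() {
    awk -v want="$1" '
        /^Alias name: / { alias = $0; sub(/^Alias name: /, "", alias) }
        /^Owner: / && alias == want {
            line = $0; sub(/^Owner: /, "", line)
            n = split(line, rdn, /, */)
            for (i = 1; i <= n; i++)
                if (rdn[i] ~ /^CN=/) { print substr(rdn[i], 4); exit }
        }'
}

# Return 0 if the alias CN equals the host name (case-insensitive),
# 1 on a mismatch, 2 if the alias is not in the keystore at all.
check_keystore_cn() {
    cn=$(owner_cn_for_alias "$1" | tr 'A-Z' 'a-z')
    host=$(printf '%s' "$2" | tr 'A-Z' 'a-z')
    if [ -z "$cn" ]; then
        echo "FAIL: no entry with alias '$1'"; return 2
    elif [ "$cn" != "$host" ]; then
        echo "FAIL: alias '$1' has CN=$cn, clients will use $host"; return 1
    fi
    echo "OK: alias '$1' has CN=$cn"
}

# Demo on the sample: the wizard-style certificate fails for a real host name.
printf '%s\n' "$SAMPLE" | check_keystore_cn jetty release.example.com || true
```

A return code of 2 means the keystore has no jetty entry at all, which is the case to look for after importing an OpenSSL-generated certificate under a different alias.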