...
The tool is a bash script located here:
- [INSTALLINSTALLER_DIR]/ssl/kiuwan-certool.sh
...
When generating custom certificates, it is recommended that you change the default properties in the configuration file located here:
- [INSTALLINSTALLER_DIR]/ssl/config/certs.properties
...
The provided tool will use the CA files located here:
- [INSTALLINSTALLER_DIR]/ssl/ca/cacert.pem
- [INSTALLINSTALLER_DIR]/ssl/ca/cakey.pem
You can either:
...
Code Block | ||
---|---|---|
| ||
cd [INSTALLINSTALLER_DIR]/ssl/ca mv cacert.pem cacert.pem.bak mv cakey.pem cakey.pem.bak |
...
Just replace the provided files with your own CA's ([INSTALLINSTALLER_DIR]/ssl/ca/cacert.pem and [INSTALLINSTALLER_DIR]/ssl/ca/cakey.pem).
We recommend backing up the provided CA files just in case you want to get back to the provided defaults (see Use your own CA).
...
Code Block | ||
---|---|---|
| ||
cd [INSTALLINSTALLER_DIR]/ssl ./kiuwan-certool.sh [DOMAIN_NAME] |
...
Code Block | ||
---|---|---|
| ||
cd [INSTALLINSTALLER_DIR]/ssl ./kiuwan-cercopy.sh [DOMAIN_NAME] |
...
Once you have all the needed files (remember that you can use the provided truststore.jks file), copy them to:
- [INSTALLINSTALLER_DIR]/user-content/certs
Step 3: continue with your installation
...
The CA public certificate is provided in this file:
- [INSTALLINSTALLER_DIR]/ssl/ca/cacert.pem
If you choose to sign your domain's certificate with the provided CA, a new CA created using kiuwan-certool.sh or your own CA, internet browsers and other clients accessing your Kiuwan On-Premises installation will not recognize it as a trusted CA by default. You will get error messages like this one:
...