akkida746/Java SSL Certificate Configuration.txt

## Java SSL Certificate Configuration.txt
Jetty/Certificate setup.

Use following command for import

keytool -import -keystore c:\Godiva\gdi\pos\res\ssl\.truststore -file xcenter-20140311.cer -alias xcentre-localhost

=========================================================================================================================

Perform the following procedure to create and deploy Self-Signed Certificates for Xcenter and
Xadmin.
1. To create a directory structure for key creation, type the following commands:
C:\>md C:\cert\xstore
C:\>cd C:\cert\xstore
To create a Keystore and Key, type the following command:
C:\cert\xstore>keytool -genkey -keystore server.keystore -alias
xcenter-YYYYMMDD -keyalg RSA -keysize 2048 -validity 3950
a. When prompted, enter and confirm the keystore password.
This password will need to be configured in Jetty/Tomcat. The
password will also need to be entered and confirmed in later sections.
When prompted for a key password, press [Enter] to use the same
password as the keystore. MICROS recommends using the same
password for both the keystore password and the key password.

b. Answer the questions when prompted. (NOTE: The questions may appear in a
different order than shown in the table below. Answer each question appropriately
using the table below as a guide).

Name Field Explanation Example
First and Last Name (aka Common Name) : The hostname or IP address that will be used to access the server.: 10.0.1.1
Organizational Unit  : Use this field to remind you what the certificate is used for.    :  Xstore-YYYYMMDD
The OU must be different on each key. (One option is to add
a date to make it unique).
Organization Name  : The exact legal name of your organization.  :  Micros Retail
City or Locality  : The city where your organization is located.  :  Cleveland
State or Province Name  : The state or province where your organization is located.  :  Ohio
Cannot be abbreviated.
Two-letter country code  : The two-letter ISO abbreviation for your country  :  US

c. When prompted if the information is correct, type y or yes.
d. When prompted, press [Enter] to use the same password as the keystore.
[RECOMMENDED]

3. To self-sign the Certificate, type the following command:
C:\cert\xstore>keytool -selfcert -alias xcenter-YYYYMMDD -keystore
server.keystore -validity 395

a. When prompted, enter the keystore password.

4. To export the Certificate, type the following command:
C:\cert\xstore>keytool -export -alias xcenter-YYYYMMDD -keystore
server.keystore -rfc -file xcenter-YYYYMMDD.cer

a. When prompted, enter the keystore password.

5. The resulting server.keystore will be used during the Jetty/Tomcat install. See
“Installing an App Server: Jetty or Tomcat” on page 58 for installation instructions.

Now reinsatll Jetty and use this keystore and cert for the installation.

Once Done,
Import the cert that was exported in step 4 above to the following locations:
pos/res/ssl/.truststore (if exists)
gdi_pos/res/ssl/.truststore (if exists)
%JAVA_HOME%/jre/lib/security/cacert (the cacert you added torun configurations on your system for email to work)
Command to import:
keytool -import -keystore (name of the keystore/truststore/cacert) -file (the ecrt exported in step 4)
enter the keystore password.
Password for xstore .trustore file will be allgoodthings
Password for java cacert will be changeit

Once you do this,
Access the webservice using your computer name not localhost. and it should work.
	Jetty/Certificate setup.

	Use following command for import

	keytool -import -keystore c:\Godiva\gdi\pos\res\ssl\.truststore -file xcenter-20140311.cer -alias xcentre-localhost

	=========================================================================================================================

	Perform the following procedure to create and deploy Self-Signed Certificates for Xcenter and
	Xadmin.
	1. To create a directory structure for key creation, type the following commands:
	C:\>md C:\cert\xstore
	C:\>cd C:\cert\xstore
	To create a Keystore and Key, type the following command:
	C:\cert\xstore>keytool -genkey -keystore server.keystore -alias
	xcenter-YYYYMMDD -keyalg RSA -keysize 2048 -validity 3950
	a. When prompted, enter and confirm the keystore password.
	This password will need to be configured in Jetty/Tomcat. The
	password will also need to be entered and confirmed in later sections.
	When prompted for a key password, press [Enter] to use the same
	password as the keystore. MICROS recommends using the same
	password for both the keystore password and the key password.

	b. Answer the questions when prompted. (NOTE: The questions may appear in a
	different order than shown in the table below. Answer each question appropriately
	using the table below as a guide).

	Name Field Explanation Example
	First and Last Name (aka Common Name) : The hostname or IP address that will be used to access the server.: 10.0.1.1
	Organizational Unit : Use this field to remind you what the certificate is used for. : Xstore-YYYYMMDD
	The OU must be different on each key. (One option is to add
	a date to make it unique).
	Organization Name : The exact legal name of your organization. : Micros Retail
	City or Locality : The city where your organization is located. : Cleveland
	State or Province Name : The state or province where your organization is located. : Ohio
	Cannot be abbreviated.
	Two-letter country code : The two-letter ISO abbreviation for your country : US

	c. When prompted if the information is correct, type y or yes.
	d. When prompted, press [Enter] to use the same password as the keystore.
	[RECOMMENDED]

	3. To self-sign the Certificate, type the following command:
	C:\cert\xstore>keytool -selfcert -alias xcenter-YYYYMMDD -keystore
	server.keystore -validity 395

	a. When prompted, enter the keystore password.

	4. To export the Certificate, type the following command:
	C:\cert\xstore>keytool -export -alias xcenter-YYYYMMDD -keystore
	server.keystore -rfc -file xcenter-YYYYMMDD.cer

	a. When prompted, enter the keystore password.

	5. The resulting server.keystore will be used during the Jetty/Tomcat install. See
	“Installing an App Server: Jetty or Tomcat” on page 58 for installation instructions.

	Now reinsatll Jetty and use this keystore and cert for the installation.

	Once Done,
	Import the cert that was exported in step 4 above to the following locations:
	pos/res/ssl/.truststore (if exists)
	gdi_pos/res/ssl/.truststore (if exists)
	%JAVA_HOME%/jre/lib/security/cacert (the cacert you added torun configurations on your system for email to work)
	Command to import:
	keytool -import -keystore (name of the keystore/truststore/cacert) -file (the ecrt exported in step 4)
	enter the keystore password.
	Password for xstore .trustore file will be allgoodthings
	Password for java cacert will be changeit

	Once you do this,
	Access the webservice using your computer name not localhost. and it should work.