View source | Discuss this page | Page history | Printable version   
Main Page
Upload file
What links here
Recent changes

PDF Books
Show collection (0 pages)
Collections help


Retail:Generate self-signed certificate for the Hardware Manager



The Hardware Manager is capable to generate automatically a new self-signed certificate if it does not exist but you can also generate it manually. This guide explains how to generate a self-signed certificate for the Hardware Manager using keytool and openssl.

Generate the certificate and the private key

Execute from the command line:

openssl req -new -x509 -keyout ca-key.pem -out ca-certificate.pem -days 365

This command generates two files: the certificate ca-certificate.pem valid for 365 days, and the private key ca-key.pem. Fill in the parameters with the information of your organization. Remember the key manager password, because will be used to configure the Hardware Manager later.

NOTE: The most important parameter is the Common Name (e.g. server FQDN or YOUR name), that must be the hostname or IP address of the machine where the Hardware Manager is installed.

Import the certificate and the private key into a p12 key store

Execute from the command line:

openssl pkcs12 -export -name hardwaremanager -in ca-certificate.pem  -inkey ca-key.pem  -out keystore.p12

This command generates a new key store file named keystore.p12 including the certificate and private key generated in the previous step.

Convert the p12 key store to a jks key store

Execute from the command line:

keytool -importkeystore -destkeystore keystore.jks -srckeystore keystore.p12 -srcstoretype pkcs12 -alias hardwaremanager

This command generates a new key store file named keystore.jks with jks format that is the format needed by the Hardware Manager. Remember the key store password of the converted jks key store because it will be needed in the next step to configure the Hardware Manager.

Bulbgraph.png   Warning: Store safely the private key ca-key.pem and key store files keystore.p12 and keystore.jks, because can be used to sign new certificates accepted by the browsers you will configure later to access the Hardware Manager.

Configure the Hardware Manager

To configure the Hardware Manager you need the key store file keystore.jks and the key manager password and key store password. Open the Hardware Manager configuration file with a text editor and configure the following properties:

## Web server ##
server.fqdn = localhost
server.secureport = 8190
server.keystorepath = <KEYSTORE_PATH>
server.keystorepassword = <STORE_PASSWORD>
server.keymanagerpassword = <KEY_PASSWORD>

Where server.keystorepath is the location of the generated file, server.keystorepassword is the key store password and server.keymanagerpassword is the key manager password.

With this configuration you will be able to start the Hardware Manager with Secure HTTP (HTTPS) support.

Retrieved from ""

This page has been accessed 906 times. This page was last modified on 17 June 2015, at 16:03. Content is available under Creative Commons Attribution-ShareAlike 2.5 Spain License.