
Retail:Generate self-signed certificate for the Hardware Manager



The Hardware Manager can automatically generate a new self-signed certificate if one does not exist, but you can also generate it manually. This guide explains how to generate a self-signed certificate for the Hardware Manager using keytool and openssl.

Generate the private key

Execute from the command line:

openssl genrsa -out ca-certificate.pem.key.pem 2048

This command generates the file ca-certificate.pem.key.pem that contains the private key that will be used in the next step to generate the certificate.

Generate the certificate

First create the following configuration file and save it as ca-certificate.pem.cfg, replacing the values according to your organization.

NOTE: The most important parameter is the Subject Alternative Name that must be the hostname of the machine where the Hardware Manager is installed.

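[ req ]
distinguished_name = req_distinguished_name
x509_extensions = v3_ca
prompt = no
[ req_distinguished_name ]
C = <Country Name>
ST = <State or Province Name>
L = <Locality Name>
O = <Organization>
OU = <Organizational Unit>
CN = <Common name>
[ v3_ca ]
subjectAltName = @alternate_names
[ CA_default ]
# copy_extensions is an option of "openssl ca"; "openssl req" ignores this section.
copy_extensions = copy
[ alternate_names ]
DNS.1 = <Subject Alternative Name 1>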

Then execute from the command line:

openssl req -new -x509 -sha256 -days 365 -config ca-certificate.pem.cfg -key ca-certificate.pem.key.pem -out ca-certificate.pem

This command generates the certificate file ca-certificate.pem, valid for 365 days. Remember the key manager password, because it will be used to configure the Hardware Manager later.

Import the certificate and the private key into a p12 key store

Execute from the command line:

openssl pkcs12 -export -name hardwaremanager -in ca-certificate.pem -inkey ca-certificate.pem.key.pem -out keystore.p12

This command generates a new key store file named keystore.p12 including the certificate and private key generated in the previous step.

Convert the p12 key store to a jks key store

Execute from the command line:

keytool -importkeystore -destkeystore keystore.jks -srckeystore keystore.p12 -srcstoretype pkcs12 -alias hardwaremanager

This command generates a new key store file named keystore.jks in jks format, which is the format needed by the Hardware Manager. Remember the key store password of the converted jks key store because it will be needed in the next step to configure the Hardware Manager.

Warning: Store the private key ca-certificate.pem.key.pem and the key store files keystore.p12 and keystore.jks safely, because they can be used to sign new certificates accepted by the browsers you will configure later to access the Hardware Manager.

Configure the Hardware Manager

To configure the Hardware Manager you need the key store file keystore.jks and the key manager password and key store password. Open the Hardware Manager configuration file with a text editor and configure the following properties:

## Web server ##
server.fqdn = localhost
server.secureport = 8190
server.keystorepath = <KEYSTORE_PATH>
server.keystorepassword = <STORE_PASSWORD>
server.keymanagerpassword = <KEY_PASSWORD>

Where server.keystorepath is the location of the generated file, server.keystorepassword is the key store password and server.keymanagerpassword is the key manager password.

With this configuration you will be able to start the Hardware Manager with Secure HTTP (HTTPS) support.
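The checks below are an added example, not part of the original guide or of the Hardware Manager: shell functions that confirm the generated certificate lists the expected hostname as a DNS Subject Alternative Name, that it belongs to the private key, and that it is not close to expiry. The function names, the host pos01.example.test and the throwaway files written by make_sample are assumptions made for illustration.

```shell
# Added example: sanity checks for the files generated in this guide.

# cert_has_san CERT HOST: succeeds if HOST is a DNS subjectAltName of CERT.
cert_has_san() {
    openssl x509 -in "$1" -noout -text 2>/dev/null |
        grep -A1 'X509v3 Subject Alternative Name' |
        tr ',' '\n' | sed 's/^ *//; s/ *$//' | grep -Fxiq "DNS:$2"
}

# key_matches_cert CERT KEY: succeeds if KEY is the private key for CERT.
key_matches_cert() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# cert_valid_for_days CERT DAYS: succeeds if CERT is still valid DAYS from now.
cert_valid_for_days() {
    openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null 2>&1
}

# Constructed sample: writes a throwaway key and certificate into directory $1
# for the made-up host pos01.example.test, using the commands from this guide.
make_sample() {
    cat > "$1/ca-certificate.pem.cfg" <<'EOF'
[ req ]
distinguished_name = req_distinguished_name
x509_extensions = v3_ca
prompt = no
[ req_distinguished_name ]
O = Example Org
CN = pos01.example.test
[ v3_ca ]
subjectAltName = @alternate_names
[ alternate_names ]
DNS.1 = pos01.example.test
EOF
    openssl genrsa -out "$1/ca-certificate.pem.key.pem" 2048 2>/dev/null &&
    openssl req -new -x509 -sha256 -days 365 -config "$1/ca-certificate.pem.cfg" \
        -key "$1/ca-certificate.pem.key.pem" -out "$1/ca-certificate.pem"
}

# Usage: sh check.sh ca-certificate.pem ca-certificate.pem.key.pem <hostname>
if [ "$#" -eq 3 ]; then
    cert_has_san "$1" "$3" || echo "FAIL: $3 is not a DNS SAN of $1"
    key_matches_cert "$1" "$2" || echo "FAIL: $2 does not match $1"
    cert_valid_for_days "$1" 30 || echo "WARN: $1 expires within 30 days"
fi
```

Running the checks before the pkcs12 export catches a missing or wrong Subject Alternative Name while the certificate is still cheap to regenerate.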

This page was last modified on 27 April 2017, at 10:01. Content is available under Creative Commons Attribution-ShareAlike 2.5 Spain License.