Description
There are three relevant configuration entries in the server/conf/commander.properties
file:
COMMANDER_HTTPS_PORT=8443 COMMANDER_KEYSTORE=conf/keystore COMMANDER_KEYSTORE_PASSWORD=abcdef
-
COMMANDER_HTTPS_PORT
configures the SSL port. -
COMMANDER_KEYSTORE
is the location of the java keystore where the Commander HTTP server finds its host certificate -
COMMANDER_KEYSTORE_PASSWORD
is the password to the keystore
Solution
Follow these steps to generate and inject a self-signed certificate for 1 year.
1) Back up the keystore file.
2) Delete the original key.
atumarkin@ATUMARKIN /cygdrive/c/ProgramData/Electric Cloud/ElectricCommander/conf $ "c:/Program Files/Electric Cloud/ElectricCommander/jre/bin/keytool" -delete -alias jetty -keystore keystore -keypass passkey Enter keystore password: abcdef
3) Generate and inject a new certificate.
atumarkin@ATUMARKIN /cygdrive/c/ProgramData/Electric Cloud/ElectricCommander/conf $ "c:/Program Files/Electric Cloud/ElectricCommander/jre/bin/keytool" -keystore keystore -alias jetty -genkey -keyalg RSA -sigalg MD5withRSA -validity 365 Enter keystore password: abcdef What is your first and last name? [Unknown]: localhost What is the name of your organizational unit? [Unknown]: What is the name of your organization? [Unknown]: What is the name of your City or Locality? [Unknown]: What is the name of your State or Province? [Unknown]: What is the two-letter country code for this unit? [Unknown]: Is CN=localhost, OU=Unknown, O=Unknown, L=Unknown, ST=Unknown, C=Unknown correct ? [no]: yes Enter key password for (RETURN if same as keystore password):
4) Restart the server.
Your new certificate will look something like this:
atumarkin@ATUMARKIN /cygdrive/c/ProgramData/Electric Cloud/ElectricCommander/conf $ "c:/Program Files/Electric Cloud/ElectricCommander/jre/bin/keytool" -list -v -keystore keystore -keypass passkey Enter keystore password: abcdef Keystore type: JKS Keystore provider: SUN Your keystore contains 1 entry Alias name: jetty Creation date: Jan 31, 2012 Entry type: PrivateKeyEntry Certificate chain length: 1 Certificate[1]: Owner: CN=localhost, OU=Unknown, O=Unknown, L=Unknown, ST=Unknown, C=Unknown Issuer: CN=localhost, OU=Unknown, O=Unknown, L=Unknown, ST=Unknown, C=Unknown Serial number: 4f28603f Valid from: Tue Jan 31 13:42:23 PST 2012 until: Wed Jan 30 13:42:23 PST 2013 Certificate fingerprints: MD5: 38:50:CD:29:8C:16:3A:78:29:0F:45:56:E0:CA:42:D9 SHA1: 9B:A3:E4:EA:A7:C0:3A:ED:BF:63:24:18:F0:08:78:22:59:85:BC:8A Signature algorithm name: MD5withRSA Version: 3 ******************************************* *******************************************
References
-
Background on configuring a java keystore: https://eclipse.dev/jetty/documentation/jetty-11/operations-guide/index.html#og-keystore
-
Discusses how to generate and import a key into the keystore (self-signed)
-
-
Background on the java keytool and keystore: https://download.oracle.com/javase/1.5.0/docs/tooldocs/windows/keytool.html
-
More information on how to generate a keyrequest, sign it with an external PKI, etc.
-