1. Navigate to the /opt directory.
2. Create a new directory called certs.
   mkdir -p /opt/certs
3. Navigate to the /opt/netiq/jdk <version>/bin directory.
4. Run the following command:
   ./keytool -genkey -alias mycerts -keyalg RSA -keystore /opt/certs/tomcat.ks -validity 3650 -keysize 1024 -dname "CN=<ip-address>,OU=<organizational unit>,O=<object>,L=<location>,S=<state>,C=<country>" -keypass <password> -storepass <password>
   For example,
   ./keytool -genkey -alias mycerts -keyalg RSA -keystore /opt/certs/tomcat.ks -validity 3650 -keysize 1024 -dname "CN=192.168.0.1,OU=employee,O=department,L=bengaluru,S=karnataka,C=india" -keypass changeit -storepass changeit
5. Create a file called tomcat.csr:
   touch /opt/certs/tomcat.csr
6. Create a keystore and generate the *.csr file to be issued to eDirectory for converting *.csr to *.der format.
   ./keytool -certreq -v -alias mycerts -file /opt/certs/tomcat.csr -keypass changeit -keystore /opt/certs/tomcat.ks -storepass changeit
7. Generate the eDirectory self-signed certificate.
   a. Log in to iManager.
   b. Click Administration > Modify Object.
   c. Browse to the <tree name> ca.security, where <tree name> is the Identity Vault tree name.
   d. Click OK.
   e. Click Certificates.
   f. Select the self-signed certificate you want to use.
   g. Click Validate.
   h. Click Export.
   i. Clear the Export private key check box.
   j. Select DER from the Export format field.
   k. Click Next.
   l. Click Save the exported certificate.
   m. Click Close.
8. Import the self-signed certificate that you created in step 7.
   ./keytool -import -trustcacerts -alias root -keystore /opt/certs/tomcat.ks -file /opt/certs/cert.der
9. Create a certificate for the tomcat.csr certificate that you created in step 6.
   a. In iManager, click Roles and Tasks > NetIQ Certificate Server > Issue Certificate.
   b. Browse to the tomcat.csr file created in step 6.
   c. Click Next.
   d. Select the Certificate Type as Unspecified.
   e. Click Next.
      The tomcat.der file is now generated.
10. Import the tomcat.der certificate to the keystore.
    ./keytool -import -alias mycerts -keystore /opt/certs/tomcat.ks -file /opt/certs/tomcat.der
11. Import the root and self-signed certificates to the Java cacerts location.
    ./keytool -import -trustcacerts -alias root -keystore /opt/netiq/jdk <version>/jre/lib/security/cacerts -file /opt/certs/cert.der
    ./keytool -import -alias mycerts -keystore /opt/netiq/jdk <version>/jre/lib/security/cacerts -file /opt/certs/tomcat.der
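A check a practitioner can run on the keystore built in the procedure above, as an added example that is not part of the original documentation: it reads `keytool -list -v` output and reports any entry whose RSA key is shorter than a minimum, and any private key entry that is still self-signed because the certificate issued by eDirectory was never imported. The function names, the 2048-bit minimum and the sample listing are assumptions made for this example; the field labels are those printed by recent JDK versions of keytool.

```shell
#!/bin/sh
# Added example (not vendor code): audit `keytool -list -v` output from stdin.
# Findings, one per line: "<alias> WEAK-KEY <bits>" or "<alias> SELF-SIGNED".
# The minimum key size (default 2048) is an assumed policy value.
audit_keystore_listing() {
  awk -v min="${1:-2048}" '
    /^Alias name: / { alias = $3; type = ""; owner = ""; issuer = ""; seen = 0 }
    /^Entry type: / { type = $3 }
    # Only the first certificate of an entry (the end-entity cert) is judged.
    /^Owner: /  && owner == ""  { owner  = substr($0, 8) }
    /^Issuer: / && issuer == "" { issuer = substr($0, 9) }
    /^Subject Public Key Algorithm: / && !seen {
      seen = 1
      bits = $5; sub(/-bit$/, "", bits)
      if (bits + 0 < min) print alias, "WEAK-KEY", bits
      # A key entry whose issuer is still its own subject never received
      # the CA-issued certificate.
      if (type == "PrivateKeyEntry" && owner == issuer) print alias, "SELF-SIGNED"
    }'
}

# Constructed sample: a trimmed listing as it could look before the
# CA-issued tomcat.der has been imported under the mycerts alias.
sample_listing() {
  cat <<'EOF'
Alias name: mycerts
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=192.168.0.1, OU=employee, O=department
Issuer: CN=192.168.0.1, OU=employee, O=department
Signature algorithm name: SHA256withRSA
Subject Public Key Algorithm: 1024-bit RSA key

Alias name: root
Entry type: trustedCertEntry
Owner: OU=Organization CA, O=EXAMPLE-TREE
Issuer: OU=Organization CA, O=EXAMPLE-TREE
Signature algorithm name: SHA256withRSA
Subject Public Key Algorithm: 2048-bit RSA key
EOF
}

sample_listing | audit_keystore_listing
```

Against a real keystore, pipe the listing in instead of the sample, for example `./keytool -list -v -keystore /opt/certs/tomcat.ks -storepass <password> | audit_keystore_listing`.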