Navigate to the /opt directory.
Create a new directory called cacerts.
mkdir -p /opt/cacerts
Navigate to the /opt/netiq/jdk <version>/bin directory.
Run the following command:
./keytool -genkey -alias mycerts -keyalg RSA -keystore /opt/certs/tomcat.ks -validity 3650 -keysize 1024 -dname "CN=<ip-address>,OU=<organizational unit>,O=<object>,L=<location>,S=<state>,C=<country>" -keypass <password> -storepass <password>
./keytool -genkey -alias mycerts -keyalg RSA -keystore /opt/certs/tomcat.ks -validity 3650 -keysize 1024 -dname "CN=192.168.0.1,OU=employee,O=department,L=bengaluru,S=karnataka,C=india" -keypass changeit -storepass changeit
Create a file called tomcat.csr:
Create a keystore and generate the *.csr file to be issued to eDirectory for converting *.csr to *.der format.
./keytool -certreq -v -alias mycerts -file /opt/certs/tomcat.csr -keypass changeit -keystore /opt/certs/tomcat.keystore -storepass changeit
Generate the eDirectory self-signed certificate.
Log in to iManager.
Browse to the, where is the Identity Vault tree name.
Select the self-signed certificate you want to use.
Clear thecheck box.
Select DER from the field.
Import the self-signed certificate that you created in step 7.
./keytool -import -trustcacerts -alias root -keystore /opt/certs/tomcat.ks -file /opt/certs/cert.der
Create a certificate for the tomcat.csr certificate that you created in step 6.
In iManager, click> > .
Browse to the tomcat.csr file created in step 6.
Select the Unspecified.as
The tomcat.der file is now generated.
Import the tomcat.der certificate to the keystore.
./keytool -import -alias mycerts -keystore /opt/certs/tomcat.keystore -file /opt/certs/tomcat.der
Import the root and self-signed certificates to the Java cacerts location.
./keytool -import -trustcacerts -alias root -keystore /opt/netiq/jdk <version>/jre/lib/security/cacerts -file /opt/certs/cert.der
./keytool -import -alias mycerts -keystore /opt/netiq/jdk <version>/jre/lib/security/cacerts -file /opt/certs/tomcat.der