Replace the Certificate with Your Non-default Keystore
You can use a keystore other than the default (sessionserver/etc/keystore.bcfks
) to store your CA-signed certificates.
Specify the following properties in sessionserver/conf/container.properties
:
server.ssl.key-store
server.ssl.key-store-password
Where the keystore path is set to the non-default keystore file name and the keystore password is set to the obfuscated value generated by the following command from the sessionserver
directory:
../java/bin/java -cp ./lib/jetty-util-<version>.jar org.eclipse.jetty.util.security.Password passwordToObfuscate
For example:
server.ssl.key-store=${server.home}/etc/custom.bcfks
server.ssl.key-store-password=OBF:1vn21ugu1saj1v9i1v941sar1ugw1vo0
tip
To avoid confusion, delete the default keystore.
To prevent the default keystore from being generated when the server starts up, open /conf/product-core-ctx.xml
in a text editor and either remove or comment out the servletEngineKeystoreGenerator section. Restart the session server.