Generate a Certificate Request for your XTAM Server
The following article describes the process of generating a certificate request for your XTAM server.
Before proceeding, be sure that you have access to the XTAM host server (the server on which XTAM was installed) and have enough permissions on this server to execute commands and update files.
- Login to the XTAM host server and open a command line. Be sure you have the required permissions to execute commands and / or run the prompt as an administrator.
- In the command prompt, navigate to the directory where XTAM is installed. We will reference this as $XTAM_HOME.
- Type the below command to generate the server’s private key. XTAM’s private key will be located in a keystore and both the keystore and the private key will be generated in this step. Please be sure that both the keystore and the private key password are identical.
For Windows deployments:
Copybin\PamKeytool.cmd -keysize 2048 -genkey -alias tomcat -keyalg RSA -keystore xtamkeystore.jksFor Linux deployments:
Copybin/PamKeytool.sh -keysize 2048 -genkey -alias tomcat -keyalg RSA -keystore xtamkeystore.jksWhen this command runs, first, enter and then re-enter a keystore password.
Next, this command will prompt for the X.509 attributes of the certificate. Populate them based on the rules of the organization and Microsoft CA that will be used to generate a certificate. Make sure that the first attribute First and last name (Common Name (CN)) will contain the domain of your website that you will access XTAM with using HTTPS (i.e. xtam.company.com).
When prompted for the password for the private key alias, press Enter. This will set the private key password to the same password used for the keystore entered in the beginning.
Note that SSL certificates can only be used on Web applications using the Common Name specified during CSR generation (in the First and last name (Common Name (CN)) attribute).
For example, a certificate for the domain “domain.com” will receive a warning if accessing a site named www.domain.com or “secure.domain.com”, because “www.domain.com” and “secure.domain.com” are different from “domain.com”.
-
Next we will generate a CSR off the generated private key. Type the following command:
-
For Windows deployments:
Copybin\PamKeytool.cmd -certreq -keyalg RSA -alias tomcat -file xtam.csr -keystore xtamkeystore.jks -
For Linux deployments:
Copybin/PamKeytool.sh -certreq -keyalg RSA -alias tomcat -file xtam.csr -keystore xtamkeystore.jks -
As a result, you will have the file xtam.csr in the $XTAM_HOME directory. Use this file to generate your SSL certificate in Microsoft CA.
-
-
XTAM expects the resulting certificate to be in the format PFX and be in the file with the extension pfx. When you will generate it, use it as the XTAM Server certificate. If, instead of a pfx file the certificate authority will generate root (root.crt), intermediate (bundle.crt) and certificate (xtam.crt) CRT files then copy them to the $XTAM_HOME directory and finally import them into the same keystore generated earlier using the following commands from the $XTAM_HOME directory:
Make sure to replace the below file names root.crt, bundle.crt and xtam.crt with the certificate file names generated by your CA.
-
For Windows deployments:
Copybin\PamKeytool.cmd -import -alias root -keystore xtamkeystore.jks -trustcacerts -file root.crtCopybin\PamKeytool.cmd -import -alias intermed -keystore xtamkeystore.jks -trustcacerts -file bundle.crtCopybin\PamKeytool.cmd -import -alias tomcat -keystore xtamkeystore.jks -trustcacerts -file xtam.crt -
For Linux deployments:
Copybin/PamKeytool.sh -import -alias root -keystore xtamkeystore.jks -trustcacerts -file root.crtCopybin/PamKeytool.sh -import -alias intermed -keystore xtamkeystore.jks -trustcacerts -file bundle.crtCopybin/PamKeytool.sh -import -alias tomcat -keystore xtamkeystore.jks -trustcacerts -file xtam.crt -
After that use the file $XTAM_HOME/xtamkeystore.jks (use the full path) as a certificate with the password you generated in step #3.
-