- Please make sure that the current keystore ( with a renewed/replaced certificate) contains a private key.
- RadiantOne installation comes with a java keytool which is a command line utility which can be used for performing read/modify operation of keystore entries and certain properties.
Keytool file is present in RLI_HOME/jdk/jre/bin
Server Public Key:
- A Public Key is is issued in .cer format which is obtained from the CA using the CSR and in the case of CA-signed/Self Signed certificate is issued for the host/server where the keystore resides( Subject Alternative Names or SANs included allow resusing the keystore for the all the hostnames listed as SANs).
- During the RadiantOne installation, a default self-signed certificate is generated for RadiantOne FID. This self-signed certificate can be replaced with one assigned by a Certificate Authority (CA).
- If RadiantOne FID is deployed in a cluster, and each node has their own server certificate ( Unless Subject Alternative Names are specified for the nodes of the cluster. The same server cert can be used for all the nodes of the cluster.)
- Make sure the certificate is created with ServerAuth & ClientAuth extended key usage.
- DELETING THE PUBLIC KEY ENTRY WILL ALSO DELETE THE PRIVATE KEY. DELETING ENTRIES FROM RLI KEYSTORE IS NOT RECOMMENDED.
Server Private Key:
- Private key matching the public key ( CA-signed/Self Signed certificate ) issued for the host/server will be present in the keystore with the default alias "rli".
- DELETING THE PUBLIC KEY ENTRY WILL ALSO DELETE A PRIVATE KEY. DELETING ENTRIES FROM RLI KEYSTORE IS NOT RECOMMENDED.
- Also, please make sure that, RLI_HOME/vds_server/jetty/conf, only contains ONE COPY of the keystore, please make sure that all the backups are deleted.
Please sign in to leave a comment.