The encryption requires an existing keystore file or a new keystore generated using the command mzsh keytool generate. For further information about using keytool, see the JDK product documentation.

Setting Up with a New Keystore File

Run the mzsh keytool generate command to create a new certificate and keystore file. The certificate generated by the command will have the alias: Platform.

1. Create a keystore in the Platform Container.

   Code Block
   language text theme Eclipse
   $ mzsh keytool generate -k <keystore file> --enable-tls http

   
   

   Info
   title Example - Creating a keystore
   Code Block language text theme Eclipse $ mzsh keytool generate -k $MZ_HOME/keys/container.keys --enable-tls http

   
   

2. Change the url schema for the platform container.

   Code Block
   language text theme Eclipse
   $ mzsh topo env --update-mz-platform https://<ip/hostname>:<port>

   
   

3. Restart the system, including all Desktops.

Setting Up with an Existing Keystore File

Run the mzsh keytool command with the enable-tls option when an existing keystore already exists in the installation.

1. Enable the TLS protocol over HTTP.

   Code Block
   language text theme Eclipse
   $ mzsh keytool enable-tls http -k <keystore file> -a <alias>

   
   

   Note
   title Note!
   The alias must match the alias configured in the Container Properties, see 2.6.2 Container Properties.

   
   

   Info
   title Example
   Code Block language text theme Eclipse $ mzsh keytool enable-tls http -k $MZ_HOME/keys/container.keys -a platform

   
   

2. Change the url schema for the platform container.

   Code Block
   language text theme Eclipse
   $ mzsh topo env --update-mz-platform https://<ip/hostname>:<port>

   
   

   Note
   title Note!
   If a trusted certificate has been configured, a FQDN (Fully Qualified Domain Name) must be configured for the URL matching the FQDN of the certificate subject.

   
   

3. Restart the system including all Desktops.