...
The encryption requires an existing keystore file or a new keystore generated using the command mzsh keytool generate. For further information about using keytool, see the JDK product documentation.
Setting Up with a New Keystore File
Run the mzsh keytool generate command to create a new certificate and keystore file. The certificate generated by the command will have the alias: Platform.
Create a keystore in the Platform Container.
| Code Block |
|---|
|
$ mzsh keytool generate -k <keystore file> --enable-tls http |
...
| title | Example - Creating a keystore |
|---|
| Code Block |
|---|
|
$ mzsh keytool generate -k $MZ_HOME/keys/container.keys --enable-tls http |
Change the url schema for the platform container.
| Code Block |
|---|
|
$ mzsh topo env --update-mz-platform https://<ip/hostname>:<port> |
...
Setting Up with an Existing Keystore File
Run the mzsh keytool command with the enable-tls option when an existing keystore already exists in the installation.
Enable the TLS protocol over HTTP.
| Code Block |
|---|
|
$ mzsh keytool enable-tls http -k <keystore file> -a <alias> |
| Note |
|---|
|
The alias must match the alias configured in the Container Properties, see Container. |
...
| Code Block |
|---|
|
$ mzsh keytool enable-tls http -k $MZ_HOME/keys/container.keys -a platform |
Change the url schema for the platform container.
| Code Block |
|---|
|
$ mzsh topo env --update-mz-platform https://<ip/hostname>:<port> |
| Note |
|---|
|
If a trusted certificate has been configured, a FQDN (Fully Qualified Domain Name) must be configured for the URL matching the FQDN of the certificate subject. |
...
Use the mzsh topo command to set the keystore properties.
| Insert excerpt |
|---|
| HTTP Configuration Properties |
|---|
| HTTP Configuration Properties |
|---|
|