...
Set the properties that specify the keystore path and the passwords in each Execution Container. Use the same values as for the Platform Container.
Example - Retrieving the values from the Platform Container:

```text
$ mzsh topo get --format data-only topo://container:<platform container>/val:common.pico.rcp.tls.keystore
$ mzsh topo get --format data-only topo://container:<platform container>/val:common.pico.rcp.tls.keystore.password
$ mzsh topo get --format data-only topo://container:<platform container>/val:common.pico.rcp.tls.key.password
```
If aliases are used in the keystore, you can use the following command to retrieve the value of the alias used by the platform certificate:

```text
$ mzsh topo get --format data-only topo://container:<platform container>/val:common.pico.rcp.tls.keystore.alias
```
Example - Configuring keystore properties:

```text
$ mzsh topo set 'topo://container:<execution container>/obj:common.pico.rcp.tls' \
    '{ keystore=${mz.home}"/keys" }'
$ mzsh topo set 'topo://container:<execution container>/val:common."pico.rcp.tls.keystore.password"' \
    <encrypted password>
$ mzsh topo set 'topo://container:<execution container>/val:common."pico.rcp.tls.key.password"' \
    <encrypted password>
```
If aliases are used in the keystore, you can use the following command to configure the value of the alias:

```text
$ mzsh topo set 'topo://container:<execution container>/val:common."pico.rcp.tls.keystore.alias"' \
    <encrypted password>
```
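The step above has to be repeated for every Execution Container, and a mistyped or stale value on one container shows up only as a failed TLS handshake later. The following script is an added example, not part of the original page: it reads the keystore properties from the Platform Container and writes the identical values to each Execution Container given on the command line, refusing to write anything if a required value is missing. It assumes mzsh is on PATH, that container names are passed as arguments, and that the keystore path can be set through val:common."pico.rcp.tls.keystore" in the same way as the password properties.

```shell
#!/bin/sh
# Added example (not from the original page): propagate the TLS keystore
# properties from the Platform Container to one or more Execution Containers
# so every container ends up with identical values. Assumes `mzsh` is on PATH
# and that the keystore path is settable via val:common."pico.rcp.tls.keystore"
# like the password properties (assumption, not confirmed by the page).
set -eu

# Property keys that must match between Platform and Execution Containers.
TLS_PROPS="pico.rcp.tls.keystore pico.rcp.tls.keystore.password pico.rcp.tls.key.password"

# Read one property from a container; prints an empty string if it is unset.
get_prop() {
    mzsh topo get --format data-only "topo://container:$1/val:common.$2" 2>/dev/null || true
}

# Write one property on a container, quoting the key as the page examples do.
set_prop() {
    mzsh topo set "topo://container:$1/val:common.\"$2\"" "$3"
}

# sync_tls_props <platform container> <execution container>...
# Validates all required values on the platform before the first write.
sync_tls_props() {
    platform=$1; shift
    for key in $TLS_PROPS; do
        [ -n "$(get_prop "$platform" "$key")" ] || {
            echo "missing $key on $platform; nothing written" >&2
            return 1
        }
    done
    # The alias is optional: only propagate it when the platform defines one.
    alias_value=$(get_prop "$platform" pico.rcp.tls.keystore.alias)
    for ec in "$@"; do
        for key in $TLS_PROPS; do
            set_prop "$ec" "$key" "$(get_prop "$platform" "$key")"
        done
        [ -z "$alias_value" ] || set_prop "$ec" pico.rcp.tls.keystore.alias "$alias_value"
    done
}

if [ $# -gt 0 ]; then
    sync_tls_props "$@"
fi
```

Run it as `sh sync_tls_props.sh <platform container> <execution container>...` after the Platform Container has been configured.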
There are two methods that you can use to make the client/server certificates available on all containers:

- Copy the keystore file that was created in TLS Standard Setup from the Platform Container to each of the Execution Containers. The target path is specified by the property pico.rcp.tls.keystore.
- Create a keystore and key pair on each Execution Container, then export and import the certificates. The certificate from the Platform Container must be exported to all Execution Containers. The certificates from the Execution Containers must be exported to the Platform Container.
Run the following command to export a certificate:

```text
$ keytool -keystore <keystore file> -export -rfc -alias <alias_name> -file <certificate filename>
```

Example - Exporting a certificate:

```text
$ keytool -keystore $MZ_HOME/keys/container.keys -export -rfc -alias platform -file $MZ_HOME/keys/platform.pem
```
Run the following command to import a certificate:

```text
$ keytool -import -alias <alias_name> -file <certificate_file_name> -keystore <keystore file> -keypass <password> -storepass <password>
```
Enable client authentication by setting the property pico.rcp.tls.require_clientauth to true.

Example - Enabling client authentication:

```text
$ mzsh topo set topo://container:<platform container>/val:common.pico.rcp.tls.require_clientauth true
```
- Restart the system.
Desktops
When client authentication is enabled, each desktop installation must authenticate itself to the Platform using a private key. You have to import this key in the Desktop Launcher in order to connect to the Platform. The certificate must also be imported as a trusted certificate in the Platform keystore.
...