If you prefer to use the Platform Container Keystore for all remote picos, follow these steps.

Execution Context

  1. Copy the keystore file that was created in Enable One-way SSL On RCP from the Platform Container to each of the Execution Containers. Place it in $MZ_HOME/keys on each Execution Container.

  2. Retrieve the keystore path, passwords and alias properties from the Platform Container.

Commands retrieving the values from the Platform Container

$ mzsh topo get --format data-only topo://container:<platform container>/val:common.pico.rcp.tls.keystore
$ mzsh topo get --format data-only topo://container:<platform container>/val:common.pico.rcp.tls.keystore.password
$ mzsh topo get --format data-only topo://container:<platform container>/val:common.pico.rcp.tls.key.password

If aliases are used in the keystore, use this command to retrieve the alias used by the platform certificate.

$ mzsh topo get --format data-only topo://container:<platform container>/val:common.pico.rcp.tls.keystore.alias
  3. Set these same properties in each Execution Container. The keystore passwords and alias should be the same values as for the Platform Container.

Commands configuring keystore properties

$ mzsh topo set 'topo://container:<execution container>/obj:common.pico.rcp.tls' \
'{ keystore=<keystore path> }'
$ mzsh topo set 'topo://container:<execution container>/val:common."pico.rcp.tls.keystore.password"' \
<encrypted password>
$ mzsh topo set 'topo://container:<execution container>/val:common."pico.rcp.tls.key.password"' \
<encrypted password>

If aliases are used in the keystore, you can use this to configure the value of the alias.

$ mzsh topo set 'topo://container:<execution container>/val:common."pico.rcp.tls.keystore.alias"' \
<alias>

Example:

$ mzsh topo set 'topo://container:echost01/obj:common.pico.rcp.tls' \
'{ keystore="/opt/mz/keys/keystore.p12" }'
$ mzsh topo set 'topo://container:echost01/val:common."pico.rcp.tls.keystore.password"' \
'DR_8.1_KEY-1-9E5885A757778BFB153C6C877A7D9A86'
$ mzsh topo set 'topo://container:echost01/val:common."pico.rcp.tls.key.password"' \
'DR_8.1_KEY-1-9E5885A757778BFB153C6C877A7D9A86'
$ mzsh topo set 'topo://container:echost01/val:common."pico.rcp.tls.keystore.alias"' \
1

Run mzsh topo open container to see the properties:

pico.rcp.tls.keystore="/opt/mz/keys/keystore.p12"
"pico.rcp.tls.keystore.password"="DR_8.1_KEY-1-9E5885A757778BFB153C6C877A7D9A86"
"pico.rcp.tls.key.password"="DR_8.1_KEY-1-9E5885A757778BFB153C6C877A7D9A86"
"pico.rcp.tls.keystore.alias"="1"
  4. In the Platform Container, enable client authentication by setting the property pico.rcp.tls.require_clientauth to true.

$ mzsh topo set topo://container:<platform container>/val:common.pico.rcp.tls.require_clientauth true

Run mzsh topo open container to see the property:

pico.rcp.tls.require_clientauth="true"
  5. Restart the Platform, followed by restarting the ECs.
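
A consistency check for the retrieve and set steps above, to run before the restart. This is an added example, not part of the product documentation: it assumes the property listings of the Platform Container and of an Execution Container have been saved to text files in the key="value" form shown above, and the function names, file names and placeholder values are constructed for illustration.

```shell
#!/bin/sh
# Added example (not product code). Listings are text files holding property
# lines in the key="value" form shown on this page.

# Print the value of property $2 from listing file $1 (empty if absent).
rcp_tls_prop() {
    key_re=$(printf '%s' "$2" | sed 's/\./\\./g')   # dots are literal in keys
    sed -n "s/^[[:space:]]*\"\{0,1\}${key_re}\"\{0,1\}=\"\(.*\)\"[[:space:]]*\$/\1/p" "$1" |
        head -n 1
}

# Return 0 when EC listing $2 has a keystore path and the same passwords and
# alias as platform listing $1. Prints property names only, never values.
rcp_tls_compare() {
    rc=0
    if [ -z "$(rcp_tls_prop "$2" pico.rcp.tls.keystore)" ]; then
        echo "missing on EC: pico.rcp.tls.keystore"; rc=1
    fi
    for p in keystore.password key.password keystore.alias; do
        pv=$(rcp_tls_prop "$1" "pico.rcp.tls.$p")
        ev=$(rcp_tls_prop "$2" "pico.rcp.tls.$p")
        # A property unset on both sides compares equal and is not reported.
        if [ "$pv" != "$ev" ]; then
            echo "mismatch: pico.rcp.tls.$p"; rc=1
        fi
    done
    return "$rc"
}

# Constructed sample listings with placeholder values, not real secrets.
d=$(mktemp -d)
cat > "$d/platform.txt" <<'EOF'
pico.rcp.tls.keystore="/opt/mz/keys/keystore.p12"
"pico.rcp.tls.keystore.password"="ENCRYPTED-PLACEHOLDER-A"
"pico.rcp.tls.key.password"="ENCRYPTED-PLACEHOLDER-A"
"pico.rcp.tls.keystore.alias"="1"
EOF
cp "$d/platform.txt" "$d/ec_ok.txt"
# Faulty EC: different key password, alias never set.
cat > "$d/ec_bad.txt" <<'EOF'
pico.rcp.tls.keystore="/opt/mz/keys/keystore.p12"
"pico.rcp.tls.keystore.password"="ENCRYPTED-PLACEHOLDER-A"
"pico.rcp.tls.key.password"="ENCRYPTED-PLACEHOLDER-B"
EOF

rcp_tls_compare "$d/platform.txt" "$d/ec_ok.txt" && echo "ec_ok: consistent"
rcp_tls_compare "$d/platform.txt" "$d/ec_bad.txt" || echo "ec_bad: fix before restarting"
```

The comparison reports only property names, so its output can be pasted into a ticket without exposing the encrypted password strings.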

Legacy Desktop

  1. Copy the keystore file that was created in Enable One-way SSL On RCP from the Platform Container to each desktop launcher client machine.

  2. When attempting to log in to the platform, the desktop launcher will display a window stating, 'Instance requires client authentication and no client key is available. Import Client Key?'.

  3. Click Yes and browse to the keystore file location.

  4. After clicking OK, you need to enter the keystore password.

...
