...

Example - Retrieving the values from the Platform Container

$ mzsh topo get --format data-only topo://container:<platform container>/val:common.pico.rcp.tls.keystore
$ mzsh topo get --format data-only topo://container:<platform container>/val:common.pico.rcp.tls.keystore.password
$ mzsh topo get --format data-only topo://container:<platform container>/val:common.pico.rcp.tls.key.password

If aliases are used in the keystore, you can use this to retrieve the value of the alias used by the Platform certificate.

$ mzsh topo get --format data-only topo://container:<platform container>/val:common.pico.rcp.tls.keystore.alias

Example - Configuring keystore properties

$ mzsh topo set 'topo://container:<execution container>/obj:common.pico.rcp.tls' \
'{ keystore=${mz.home}"/keys" }'
 
$ mzsh topo set 'topo://container:<execution container>/val:common."pico.rcp.tls.keystore.password"' \
<encrypted password>
 
$ mzsh topo set 'topo://container:<execution container>/val:common."pico.rcp.tls.key.password"' \
<encrypted password>

If aliases are used in the keystore, you can use this to configure the value of the alias.

$ mzsh topo set 'topo://container:<execution container>/val:common."pico.rcp.tls.keystore.alias"' \
<encrypted password>

...

  1. There are two methods that you can use to make the client/server certificates available on all containers.

    1. Copy the keystore file that was created in TLS Standard Setup from the Platform Container to each of the Execution Containers. The target path is specified by the property pico.rcp.tls.keystore.

    2. Create a keystore and key pair on each Execution Container, then export and import the certificates. The certificate from the Platform Container must be exported to all Execution Containers. The certificates from the Execution Containers must be exported to the Platform Container.

      Run the following command to export a certificate:

       $ keytool -keystore <keystore file> -export -rfc -alias <alias_name> -file <certificate filename>

    Example - Exporting a certificate

    $ keytool -keystore $MZ_HOME/keys/container.keys -export -rfc -alias platform -file $MZ_HOME/keys/platform.pem


    Run the following command to import a certificate:

    $ keytool -import -alias <alias_name> -file <certificate_file_name> -keystore <keystore file> -keypass <password> -storepass <password>


    Example - Importing a certificate

    $ keytool -import -alias platform -file $MZ_HOME/keys/container.pem -keystore $MZ_HOME/keys/container.keys -keypass changeit -storepass changeit



  2. Enable client authentication by setting the property pico.rcp.tls.require_clientauth to true.
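
When certificates are exchanged by export and import (method 2 above), the receiving container can check the copied PEM file before running keytool -import. The script below is an added example, not part of the product documentation: it computes the SHA-256 fingerprint of the DER bytes (the same value keytool -printcert reports) and refuses files that contain a private key. The function names and the sample PEM are constructed, and it assumes base64 and sha256sum are installed.

```shell
#!/usr/bin/env bash
# Added example; function names and the sample PEM are hypothetical/constructed.

# Print the SHA-256 fingerprint (upper case, colon separated) of the single
# certificate in a PEM file, as produced by `keytool -export -rfc`.
# Refuses files that carry private key material or not exactly one certificate.
pem_fingerprint() {
  local pem="$1" count
  [ -r "$pem" ] || return 1
  if grep -q -- '-----BEGIN .*PRIVATE KEY-----' "$pem"; then
    echo "refusing: $pem contains a private key" >&2
    return 2
  fi
  count=$(grep -c -- '-----BEGIN CERTIFICATE-----' "$pem" || true)
  if [ "$count" -ne 1 ]; then
    echo "refusing: expected 1 certificate in $pem, found $count" >&2
    return 3
  fi
  # Base64 body between the markers -> DER bytes -> SHA-256 digest.
  sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' "$pem" \
    | grep -v -- '-----' | tr -d ' \r\n' | base64 -d | sha256sum \
    | cut -d' ' -f1 | tr 'a-f' 'A-F' | sed 's/../&:/g; s/:$//'
}

# Succeed only if the received file matches the fingerprint that the exporting
# container's administrator reported over a separate channel.
verify_before_import() {
  local pem="$1" expected="$2" actual
  actual=$(pem_fingerprint "$pem") || return $?
  [ "$actual" = "$expected" ]
}

# Constructed sample: the body is the placeholder bytes "abc", not a real
# certificate, so the digest is easy to check by hand.
make_sample_pem() {
  printf '%s\n' '-----BEGIN CERTIFICATE-----' 'YWJj' '-----END CERTIFICATE-----' > "$1"
}

sample=$(mktemp)
make_sample_pem "$sample"
expected=$(pem_fingerprint "$sample")      # computed on the exporting side
if verify_before_import "$sample" "$expected"; then
  echo "fingerprint matches, proceed with keytool -import: $expected"
fi
rm -f "$sample"
```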

...