4.3.3 HTTP Standard Setup

TLS encryption for HTTP requires a keystore file: either an existing one or a new one generated with the mzsh keytool generate command. For further information about using keytool, see the JDK product documentation.

Setting Up with a New Keystore File

Run the mzsh keytool generate command to create a new certificate and keystore file. The certificate generated by the command will have the alias: Platform.

  1. Create a keystore in the Platform Container.

    $ mzsh keytool generate -k <keystore file> --enable-tls http

    Example - Creating a keystore

    $ mzsh keytool generate -k $MZ_HOME/keys/container.keys --enable-tls http
  2. Change the URL scheme for the platform container.

    $ mzsh topo env --update-mz-platform https://<ip/hostname>:<port>
  3. Restart the system, including all Desktops.

Setting Up with an Existing Keystore File

Run the mzsh keytool command with the enable-tls option when a keystore already exists in the installation.

  1. Enable the TLS protocol over HTTP.

    $ mzsh keytool enable-tls http -k <keystore file> -a <alias>

    Note!

    The alias must match the alias configured in the Container Properties, see 2.6.2 Container Properties.

    Example

    $ mzsh keytool enable-tls http -k $MZ_HOME/keys/container.keys -a platform
  2. Change the URL scheme for the platform container.

    $ mzsh topo env --update-mz-platform https://<ip/hostname>:<port>

    Note!

    If a trusted certificate has been configured, an FQDN (Fully Qualified Domain Name) must be configured for the URL matching the FQDN of the certificate subject.

  3. Restart the system, including all Desktops.
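
The FQDN requirement in the note above can be checked before the restart. The following shell functions are an added example, not part of the product documentation or of mzsh; the host name, port and subject strings are constructed sample values, and only the subject CN is compared, as the note describes.

```shell
#!/bin/sh
# Added example: check that the host in the platform URL matches the
# certificate subject CN. Function names and sample values are constructed.

# url_host URL -> lowercased host part of https://<ip/hostname>:<port>
url_host() {
    h=${1#https://}      # strip scheme
    h=${h%%/*}           # strip any path
    h=${h%:*}            # strip :port
    printf '%s\n' "$h" | tr 'A-Z' 'a-z'
}

# subject_cn SUBJECT -> lowercased CN from a subject line, in either
# "CN = name, O = ..." (openssl) or "CN=name, OU=..." (JDK keytool) form
subject_cn() {
    printf '%s\n' "$1" | sed -n 's/.*CN *= *\([^,/]*\).*/\1/p' | tr 'A-Z' 'a-z'
}

# name_matches HOST PATTERN -> exit 0 if HOST equals PATTERN, or PATTERN is
# "*.domain" and HOST is exactly one label below that domain
name_matches() {
    host=$1 pat=$2
    [ -n "$host" ] && [ -n "$pat" ] || return 1
    case $pat in
        \*.*) suffix=${pat#\*}                      # e.g. ".example.com"
              label=${host%"$suffix"}
              [ "$label" != "$host" ] || return 1   # suffix did not match
              case $label in ''|*.*) return 1 ;; esac
              return 0 ;;
        *)    [ "$host" = "$pat" ] ;;
    esac
}

# check_platform_url URL SUBJECT -> exit 0 if the URL host matches the CN.
# An IP address in the URL never matches an FQDN subject.
check_platform_url() {
    name_matches "$(url_host "$1")" "$(subject_cn "$2")"
}

# Demonstration with constructed values. With a real exported certificate,
# the subject line can come from: openssl x509 -in <cert.pem> -noout -subject
if check_platform_url "https://mz01.example.com:9000" \
        "subject=CN = mz01.example.com, O = Example"; then
    echo "URL host matches certificate CN"
fi
```

Subject alternative names are not examined here; a certificate that carries the FQDN only in a SAN entry needs a separate check.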