{"type":"doc","content":[{"type":"paragraph","content":[{"text":"If you prefer to use different new Keystore for remote picos, follow these steps.","type":"text"}]},{"type":"heading","attrs":{"level":3},"content":[{"text":"Execution Context","type":"text"}]},{"type":"orderedList","attrs":{"order":1},"content":[{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"First, ensure that the keystore property is set in your platform container as a result of enabling one-way SSL on RCP. Refer ","type":"text"},{"text":"Enable One-way SSL On RCP","type":"text","marks":[{"type":"link","attrs":{"href":"https://infozone.atlassian.net/wiki/spaces/MD83/pages/451248692"}}]},{"text":".","type":"text"}]},{"type":"bulletList","content":[{"type":"listItem","content":[{"type":"codeBlock","content":[{"text":"\"pico.rcp.tls.keystore\"=\"/opt/mz/keys/keystore.p12\"","type":"text"}]}]}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Create a Keystore and Key Pair on Each Execution Container","type":"text","marks":[{"type":"strong"}]},{"text":":","type":"text"}]},{"type":"bulletList","content":[{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"For each Execution Container, generate a keystore and a key pair (private key and corresponding public certificate). This keystore will store the private key and the certificate.","type":"text"}]}]}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Export the Certificates from Execution Containers","type":"text","marks":[{"type":"strong"}]},{"text":":","type":"text"}]},{"type":"bulletList","content":[{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"For each Execution Container, export the public certificate from its keystore.","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Run the following command to export the Execution Container public certificate:","type":"text"}]}]},{"type":"listItem","content":[{"type":"codeBlock","attrs":{"language":"plaintext"},"content":[{"text":" $ keytool -keystore -export -rfc -alias -file ","type":"text"}]},{"type":"paragraph","content":[{"text":"For example, in the Execution Container, the created keystore file is ","type":"text"},{"text":"eckeystore.p12","type":"text","marks":[{"type":"code"}]},{"text":". Run this command to export the Execution Container's public certificate to a file named ","type":"text"},{"text":"ec_pubcert.pem","type":"text","marks":[{"type":"code"}]},{"text":".","type":"text"}]}]},{"type":"listItem","content":[{"type":"codeBlock","content":[{"text":"$ keytool -keystore eckeystore.p12 -export -rfc -alias ec -file ec_pubcert.pem","type":"text"}]}]}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Import the Execution Container Certificates to the Platform Container","type":"text","marks":[{"type":"strong"}]},{"text":":","type":"text"}]},{"type":"bulletList","content":[{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Import the exported certificates from each Execution Container into the Platform Container's truststore. This allows the Platform Container to trust each Execution Container.","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Copy the Execution Container’s public certificate to Platform container.","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Run the following command to import the Execution Container’s public certificate into the Platform keystore set in ","type":"text"},{"text":"pico.rcp.tls.keystore","type":"text","marks":[{"type":"code"}]},{"text":":","type":"text"}]}]},{"type":"listItem","content":[{"type":"codeBlock","attrs":{"language":"plaintext"},"content":[{"text":"$ keytool -import -alias -file -keystore -keypass -storepass ","type":"text"}]},{"type":"paragraph","content":[{"text":"For example, the Platform keystore set in the property ","type":"text"},{"text":"pico.rcp.tls.keystore","type":"text","marks":[{"type":"code"}]},{"text":" is ","type":"text"},{"text":"$MZ_HOME/keys/keystore.p12","type":"text","marks":[{"type":"code"}]},{"text":". Set the alias name to 'ec'.","type":"text"}]}]},{"type":"listItem","content":[{"type":"codeBlock","content":[{"text":"keytool -import -alias ec -file ec_pubcert.pem -keystore $MZ_HOME/keys/keystore.p12 -keypass mzadmin -storepass mzadmin","type":"text"}]},{"type":"paragraph","content":[{"text":"Run this command to view the keystore.","type":"text"}]}]},{"type":"listItem","content":[{"type":"codeBlock","content":[{"text":"$ keytool -list -keystore $MZ_HOME/keys/keystore.p12 -storepass mzadmin","type":"text"}]},{"type":"paragraph","content":[{"text":"You should see two entries: ","type":"text"},{"text":"alias 1","type":"text","marks":[{"type":"code"}]},{"text":" is the Platform keystore (PrivateKeyEntry), and ","type":"text"},{"text":"alias ec","type":"text","marks":[{"type":"code"}]},{"text":" is the Execution Container keystore (trustedCertEntry).","type":"text"}]}]}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Export the Platform Container Certificate","type":"text","marks":[{"type":"strong"}]},{"text":": ","type":"text"}]},{"type":"bulletList","content":[{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Export the public certificate from the Platform Container's keystore.","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Run the following command to export the Platform Container public certificate:","type":"text"}]}]},{"type":"listItem","content":[{"type":"codeBlock","attrs":{"language":"plaintext"},"content":[{"text":" $ keytool -keystore -export -rfc -alias -file ","type":"text"}]},{"type":"paragraph","content":[{"text":"For example, in the Platform Container, the created keystore file is ","type":"text"},{"text":"keystore.p12","type":"text","marks":[{"type":"code"}]},{"text":". Run this command to export the Platform Container's public certificate to a file named ","type":"text"},{"text":"platform_pubcert.pem","type":"text","marks":[{"type":"code"}]},{"text":".","type":"text"}]}]},{"type":"listItem","content":[{"type":"codeBlock","content":[{"text":"$ keytool -keystore keystore.p12 -export -rfc -alias 1 -file platform_pubcert.pem","type":"text"}]}]}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Import the Platform Container Certificate to Execution Containers","type":"text","marks":[{"type":"strong"}]},{"text":": ","type":"text"}]},{"type":"bulletList","content":[{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Import the exported Platform Container certificate into the truststore of each Execution Container. This allows the Execution Containers to trust the Platform Container.","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Copy the Platform public certificate to Execution container.","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Run the following command to import Platform public certificate:","type":"text"}]}]},{"type":"listItem","content":[{"type":"codeBlock","content":[{"text":"$ keytool -import -alias -file -keystore -keypass -storepass ","type":"text"}]},{"type":"paragraph","content":[{"text":"For example, the Execution Container keystore saved in location ","type":"text"},{"text":"$MZ_HOME/keys/keystore.p12","type":"text","marks":[{"type":"code"}]},{"text":". Set the alias name to '1'.","type":"text"}]}]},{"type":"listItem","content":[{"type":"codeBlock","content":[{"text":"$ keytool -import -alias 1 -file platform_pubcert.pem -keystore $MZ_HOME/keys/keystore.p12 -keypass mzadmin -storepass mzadmin","type":"text"}]},{"type":"paragraph","content":[{"text":"Run this command to view the keystore.","type":"text"}]}]},{"type":"listItem","content":[{"type":"codeBlock","content":[{"text":"$ keytool -list -keystore $MZ_HOME/keys/keystore.p12 -storepass mzadmin","type":"text"}]},{"type":"paragraph","content":[{"text":"You should see two entries: ","type":"text"},{"text":"alias ec","type":"text","marks":[{"type":"code"}]},{"text":" is the Execution Container keystore (PrivateKeyEntry), and ","type":"text"},{"text":"alias 1","type":"text","marks":[{"type":"code"}]},{"text":" is the Platform Container keystore (trustedCertEntry).","type":"text"}]}]}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Set the RCP TLS properties in the Execution Container:","type":"text","marks":[{"type":"strong"}]}]},{"type":"bulletList","content":[{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Use ","type":"text"},{"text":"mzsh topo set","type":"text","marks":[{"type":"code"}]},{"text":" to set these properties:","type":"text"}]}]},{"type":"listItem","content":[{"type":"codeBlock","content":[{"text":"$ mzsh topo set 'topo://container:/obj:common.pico.rcp.tls' \\\n'{ keystore= }'\n$ mzsh topo set 'topo://container:/val:common.\"pico.rcp.tls.keystore.password\"' \\\n\n$ mzsh topo set 'topo://container:/val:common.\"pico.rcp.tls.key.password\"' \\\n","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Example,","type":"text"}]}]},{"type":"listItem","content":[{"type":"codeBlock","content":[{"text":"$ mzsh topo set 'topo://container:echost01/obj:common.pico.rcp.tls' \\\n'{ keystore=\"/opt/mz/keys/eckeystore.p12\" }'\n$ mzsh topo set 'topo://container:echost01/val:common.\"pico.rcp.tls.keystore.password\"' \\\n'DR_8.1_KEY-1-9E5885A757778BFB153C6C877A7D9A86'\n$ mzsh topo set 'topo://container:echost01/val:common.\"pico.rcp.tls.key.password\"' \\\n'DR_8.1_KEY-1-9E5885A757778BFB153C6C877A7D9A86'\n$ mzsh topo set 'topo://container:echost01/val:common.\"pico.rcp.tls.keystore.alias\"' \\\n1","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Note that \"pico.rcp.tls.keystore.alias\" must be the alias name of the Execution Container keystore’s PrivateKeyEntry.","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"For example, ","type":"text"}]}]},{"type":"listItem","content":[{"type":"codeBlock","content":[{"text":"pico.rcp.tls.keystore=\"/opt/mz/keys/keystore.p12\"\n\"pico.rcp.tls.keystore.password\"=\"DR_8.1_KEY-1-9E5885A757778BFB153C6C877A7D9A86\"\n\"pico.rcp.tls.key.password\"=\"DR_8.1_KEY-1-9E5885A757778BFB153C6C877A7D9A86\"\n\"pico.rcp.tls.keystore.alias\"=\"ec\"","type":"text"}]}]}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"In Platform Container, enable client authentication by setting the property ","type":"text"},{"text":"pico.rcp.tls.require_clientauth","type":"text","marks":[{"type":"code"}]},{"text":" to","type":"text"},{"text":" true","type":"text","marks":[{"type":"code"}]},{"text":".","type":"text"}]},{"type":"bulletList","content":[{"type":"listItem","content":[{"type":"codeBlock","content":[{"text":"$ mzsh topo set topo://container:/val:common.pico.rcp.tls.require_clientauth true","type":"text"}]},{"type":"paragraph","content":[{"text":"Example,","type":"text"}]}]},{"type":"listItem","content":[{"type":"codeBlock","content":[{"text":"mzsh topo set topo://container:platform/val:common.pico.rcp.tls.require_clientauth true","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Run ","type":"text"},{"text":"mzsh topo open container","type":"text","marks":[{"type":"code"}]},{"text":" to see the property:","type":"text"}]}]},{"type":"listItem","content":[{"type":"codeBlock","content":[{"text":"pico.rcp.tls.require_clientauth=\"true\"","type":"text"}]}]}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Restart the Platform, followed by restarting the ECs.","type":"text"}]}]}]},{"type":"panel","attrs":{"panelType":"info"},"content":[{"type":"paragraph","content":[{"text":"If the Platform property ","type":"text"},{"text":"pico.rcp.tls.require_clientauth","type":"text","marks":[{"type":"code"}]},{"text":" is enabled and the Platform is restarted while the Execution Container RCP TLS properties are not yet set, you will not be able to execute ","type":"text"},{"text":"mzsh topo set","type":"text","marks":[{"type":"code"}]},{"text":" or ","type":"text"},{"text":"mzsh topo open container","type":"text","marks":[{"type":"code"}]},{"text":". Therefore, ensure that all Execution Container RCP TLS properties are properly configured before enabling ","type":"text"},{"text":"pico.rcp.tls.require_clientauth","type":"text","marks":[{"type":"code"}]},{"text":" in the Platform container.","type":"text"}]}]},{"type":"paragraph"},{"type":"heading","attrs":{"level":2},"content":[{"text":"Legacy Desktop","type":"text"}]},{"type":"paragraph","content":[{"text":"When client authentication is enabled, each desktop installation must authenticate itself to the Platform using a private key. Desktop can use the same Keystore file from Platform Container.","type":"text"}]},{"type":"paragraph","content":[{"text":"If you prefer to use a different keystore file for the desktop client connection, follow these steps:","type":"text"}]},{"type":"orderedList","attrs":{"order":1},"content":[{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Run the following command to create a keystore that contains a private key.","type":"text"}]},{"type":"codeBlock","content":[{"text":"$ keytool -genkey -keystore -alias client -keyalg RSA -keysize 2048 -storetype PKCS12","type":"text"}]}]}]},{"type":"paragraph","content":[{"text":" For example, this command creates a keystore file named ","type":"text"},{"text":"clientkey.keys","type":"text","marks":[{"type":"code"}]},{"text":".","type":"text"}]},{"type":"bulletList","content":[{"type":"listItem","content":[{"type":"codeBlock","content":[{"text":"$ keytool -genkey -keystore clientkey.keys -alias client -keyalg RSA -keysize 2048 -storetype PKCS12","type":"text"}]}]}]},{"type":"orderedList","attrs":{"order":2},"content":[{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Create a certificate file that is associated with the key that you created in the previous step.","type":"text"}]},{"type":"codeBlock","content":[{"text":"$ keytool -keystore -exportcert -alias -file ","type":"text"}]},{"type":"paragraph","content":[{"text":"For example, this command generates a certificate named ","type":"text"},{"text":"clientcert.cer","type":"text","marks":[{"type":"code"}]},{"text":".","type":"text"}]}]}]},{"type":"bulletList","content":[{"type":"listItem","content":[{"type":"codeBlock","content":[{"text":"$ keytool -keystore clientkey.keys -exportcert -alias client -file clientcert.cer","type":"text"}]}]}]},{"type":"orderedList","attrs":{"order":4},"content":[{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Copy the keystore file created above to the host where the Desktop Launcher will be run.","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Copy the certificate file created above to Platform Container.","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Import the certificate to the platform.","type":"text"}]},{"type":"codeBlock","content":[{"text":"$ keytool -keystore -import -file -alias ","type":"text"}]},{"type":"paragraph","content":[{"text":"For example, this command import certificate to Platform keystore.","type":"text"}]}]}]},{"type":"bulletList","content":[{"type":"listItem","content":[{"type":"codeBlock","content":[{"text":"$ keytool -keystore $MZ_HOME/keys/keystore.p12 -import -file clientcert.cer -alias clientcert","type":"text"}]}]}]},{"type":"paragraph","marks":[{"type":"indentation","attrs":{"level":1}}],"content":[{"text":"If you view the keystore, you should see the entry of ","type":"text"},{"text":"alias clientcert","type":"text","marks":[{"type":"code"}]},{"text":" which is the Client desktop keystore (trustedCertEntry).","type":"text"}]},{"type":"orderedList","attrs":{"order":5},"content":[{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Open the Desktop Launcher.","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Right-click on a MediationZone instance and then select ","type":"text"},{"text":"Instance Settings","type":"text","marks":[{"type":"strong"}]},{"text":" from the popup menu. Select the ","type":"text"},{"text":"Security","type":"text","marks":[{"type":"strong"}]},{"text":" tab.","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Right-click on the text field under ","type":"text"},{"text":"Client Key","type":"text","marks":[{"type":"strong"}]},{"text":" and select ","type":"text"},{"text":"Import Key From File","type":"text","marks":[{"type":"strong"}]},{"text":".","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Select the keystore file from step 1 and Click Open.","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Enter Keystore password and click OK to add into ","type":"text"},{"text":"Client Key","type":"text","marks":[{"type":"strong"}]},{"text":".","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Click OK to close the Security tab and proceed with Login.","type":"text"}]}]}]},{"type":"bodiedExtension","attrs":{"layout":"default","extensionType":"com.atlassian.confluence.macro.core","extensionKey":"scroll-ignore","parameters":{"macroParams":{"scroll-viewport":{"value":"true"},"scroll-pdf":{"value":"true"},"scroll-office":{"value":"true"},"scroll-chm":{"value":"true"},"scroll-html":{"value":"true"},"scroll-docbook":{"value":"true"},"scroll-eclipsehelp":{"value":"true"},"scroll-epub":{"value":"true"}},"macroMetadata":{"macroId":{"value":"8971f68f-d494-414b-ae9c-4171595db5ed"},"schemaVersion":{"value":"1"},"placeholder":[{"type":"icon","data":{"url":"https://scroll-exporter-extensions.us.exporter.k15t.app/static/assets/images/macro-icons/scroll-ignore.svg"}}],"title":"Scroll Ignore"}},"localId":"3c1cbf13-c185-489a-9f7d-773476efb712"},"content":[{"type":"table","attrs":{"layout":"default","width":1800.0,"localId":"200d1f09-045c-4456-bf08-f3d500d04c4b"},"content":[{"type":"tableRow","content":[{"type":"tableHeader","attrs":{"colspan":1,"rowspan":1},"content":[{"type":"paragraph","content":[{"text":"Next:","type":"text","marks":[{"type":"strong"}]}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1},"content":[{"type":"paragraph","content":[{"text":"4.2.1.3 RCP TLS Properties","type":"text","marks":[{"type":"link","attrs":{"href":"https://infozone.atlassian.net/wiki/spaces/MD83/pages/452067342"}}]},{"text":" ","type":"text"}]}]}]}]}]}],"version":1}

Browser not supported