4.2.2 TLS Standard Setup

Follow the steps below to configure TLS. For instructions on how to include client authentication (two-way authentication), see 4.2.3 Enabling Client Authentication.

Setting Up with a New Keystore File

Run the mzsh keytool generate command to create a new certificate and keystore file. The certificate generated by the command has the alias Platform.

  1. Create a keystore in the Platform Container.

    $ mzsh keytool generate -k <keystore file> --enable-tls rcp

    Example - Creating a keystore

    $ mzsh keytool generate -k $MZ_HOME/keys/container.keys --enable-tls rcp

  2. Restart the Platform to enable TLS over RCP.

Setting Up with an Existing Keystore File

Run the mzsh keytool command with the enable-tls option when a keystore already exists in the installation.

  1. Enable the TLS protocol over HTTP.

    $ mzsh keytool enable-tls rcp -k <keystore file> -a <alias>

    Example

    $ mzsh keytool enable-tls rcp -k $MZ_HOME/keys/container.keys -a platform

  2. Restart the Platform to enable TLS over RCP.