Installing certificates - Importing the root certificate into the Java KeyStore
Follow these instructions on all computers on which a server component of a Servicetrace Robotics solution is installed.
When the Java installation is updated, the Java KeyStore is overwritten.
Therefore, the certificate has to be imported again after an update.
Using a separate Java KeyStore
To avoid having to import the certificate after every update, you can create your own Java KeyStore and use it in Apache Tomcat. You are then responsible for the security of your own KeyStore, however, and any changes that are made to the official Java KeyStore have to be duplicated in your own KeyStore.
Since the Servicetrace web applications use Apache Tomcat, which is Java-based, the root certificate also has to be copied to the Java KeyStore.
If you have installed multiple Java versions, use the Java KeyStore of the version that Apache Tomcat uses.
Determining the Java version used by Apache Tomcat
To determine which Java version Apache Tomcat uses, open the application Apache Tomcat <version number> > Configure Tomcat.
Go to the Java tab. You will see the path to the Java installation that is used in the field Java Virtual Machine.
Import using the KeyStore Explorer application
If you are able to install additional applications on your server, you can install the KeyStore Explorer application to simplify certificate imports.
If you want to use the command prompt to execute the import, refer to the section Import using the command prompt.
Determining the certificates already contained in the Java KeyStore
To determine which certificates are already contained in the Java KeyStore, start the KeyStore Explorer application.
The KeyStore cacerts is located in the directory
<path to java installation>\lib\security
for example, in
C:\Program Files\AdoptOpenJDK\jdk-11.0.6.10-hotspot\lib\security
Choose the menu path File > Open to open this file.
Enter the password for the Java KeyStore. The default password is
changeit
You see a list of all trusted certificates.
If your certificate is already contained in this list of trusted certificates, you don’t need to do anything else here and can continue with Configuration of the Internet Information Services (IIS).
Importing the root certificate
If your certificate is not yet contained in the list of trusted certificates, import the root certificate using the Import Trusted Certificate icon.
Import using the command prompt
Determining the certificates already contained in the Java KeyStore
To import a certificate into the Java KeyStore, use the Microsoft Windows command prompt.
To open the command prompt, open the Start menu, click Run, and enter
cmd.exe
in the input field.
First enter the command
keytool -list -keystore "<path to java installation folder>\lib\security\cacerts" -v
e.g.
keytool -list -keystore "C:\Program Files\AdoptOpenJDK\jdk-11.0.6.10-hotspot\lib\security\cacerts" -v
and then the password of the Java KeyStore, each followed by RETURN.
The default password for the Java KeyStore is
changeit
All certificates already contained in the Java KeyStore are now listed.
The names of the certificates are displayed in the property Alias name; the individual certificates are sorted alphabetically by Alias name and separated from one another by two rows of asterisks (*).
If your certificate is already contained in this list of trusted certificates, you don’t need to do anything else here and can continue with Configuration of the Internet Information Services (IIS).
Importing the root certificate
If your certificate is not yet contained in the list of trusted certificates, import the root certificate by entering the command
keytool -importcert -alias "<alias name>" -keystore "<path to keystore file>" -file "<path to certificate folder>\<certificate name>.cer"
e.g.
keytool -importcert -alias "servicetrace_root_ca" -keystore "C:\Program Files\AdoptOpenJDK\jdk-11.0.6.10-hotspot\lib\security\cacerts" -file "C:\Temp\Certificates\My_Root_CA.crt"
in the command prompt and pressing RETURN.
The alias name can be chosen freely, but must be unique.
Then enter the password for the Java KeyStore and press RETURN.
The default password for the Java KeyStore is
changeit
When the confirmation prompt Trust this certificate? [no] is displayed, choose
yes
to confirm that you trust the certificate and press RETURN.
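The check-then-import procedure above as one PowerShell script that can be re-run after each Java update. This is an added example, not part of the Servicetrace documentation; the paths and alias are the sample values from this page, and the expected fingerprint is a placeholder that you obtain from your CA administrator.

```powershell
# Added example: re-import the root CA into cacerts only if it is missing.
# Paths and alias are the sample values from this page; adjust them to your system.
$JavaHome  = 'C:\Program Files\AdoptOpenJDK\jdk-11.0.6.10-hotspot'  # see Configure Tomcat > Java tab
$CertFile  = 'C:\Temp\Certificates\My_Root_CA.crt'
$Alias     = 'servicetrace_root_ca'
$StorePass = 'changeit'   # default KeyStore password; replace if you changed it
# Placeholder (assumption): SHA-256 fingerprint confirmed with your CA administrator,
# written as colon-separated hex, the way keytool prints it.
$Expected  = '<EXPECTED_SHA256_FINGERPRINT>'

$keytool = Join-Path $JavaHome 'bin\keytool.exe'
$cacerts = Join-Path $JavaHome 'lib\security\cacerts'

# Hash the certificate's DER bytes, so PEM and DER files yield the same fingerprint.
$cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($CertFile)
$sha  = [System.Security.Cryptography.SHA256]::Create()
$fp   = [System.BitConverter]::ToString($sha.ComputeHash($cert.RawData)) -replace '-', ':'
Write-Host "Subject: $($cert.Subject)"
Write-Host "SHA-256: $fp"

# Refuse to trust a file whose fingerprint was not confirmed out of band.
if ($fp -ne $Expected) {
    Write-Error 'Fingerprint does not match the expected value; nothing imported.'
    exit 1
}

# Match on the fingerprint rather than the alias: the same alias could name
# a different certificate, and the hex string is independent of keytool's locale.
$listing = & $keytool -list -v -keystore $cacerts -storepass $StorePass
if ($LASTEXITCODE -ne 0) { Write-Error 'keytool -list failed.'; exit 1 }
if ($listing | Select-String -SimpleMatch $fp -Quiet) {
    Write-Host 'Root certificate is already in the Java KeyStore.'
    exit 0
}

# Keep a copy of the current KeyStore, then import without the interactive prompt.
# -noprompt is acceptable here only because the fingerprint was checked above.
Copy-Item $cacerts "$cacerts.bak" -Force
& $keytool -importcert -noprompt -alias $Alias -keystore $cacerts -storepass $StorePass -file $CertFile
if ($LASTEXITCODE -ne 0) { Write-Error 'keytool -importcert failed.'; exit 1 }
Write-Host "Imported as alias '$Alias'."
```

Run it from an elevated PowerShell session when the Java installation is under C:\Program Files, because writing to that directory requires administrator rights.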