You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 4 Next »

Nomitech applications allow the use of SSL within our applications, however Nomitech Support does not provide assistance for configuring it. Consequently, Nomitech can not guarantee providing any support for it.

  • If assistance with conversions of certificates is required, please consult with the vendor who provided the certificate.
  • If assistance with configuration is required, please raise a question on Nomitech Support

Connecting via SSL

In many cases the Active Directory uses a Self-Signed Certificate, or a Signed Certificate that is Signed by a non-trusted Root Certificate. When the CostOS Server tries to connect using the SSL port it will fail, since it does not trust the connection.

To bypass this problem we can import the Certificate of the Active Directory directly to the keystore used by the CostOS Server.


Exporting the Certificate from the Active Directory

Run the following on the server hosting the Active Directory

  1. Go to Run and type the mmc.exe command.
  2. Go to File and choose the Add/Remove Snap-in option.
  3. In Add or Remove Snap-ins, select the Certificates snap-in, and click on Add.
  4. In the Certificates snap-in dialog box, choose the Computer account option and click on Next.
  5. In the Select Computer dialog box, choose the Local Computer option and click on Finish.
  6. Expand the Certificates option and look for the CA Certificate to be exported. This certificate is normally located under Personal > Certificates.
  7. Double-click on the CA certificate to be exported.
  8. In the Certificate dialog box, choose the Details tab and then choose Copy to File.
  9. The Certificate Export Wizard appears. Choose Next. Note that there is no need to export the private key.
  10. On the Export File Format page, select the Base-64 encoded binary X.509(.CER) option.
  11. Choose Next.
  12. In the File to Export box, choose the path and name for the certificate, and choose Next.
  13. Choose Finish. The .cer file will be created in the location specified in the previous step.
  14. Finally, a dialog box will appear to inform the user that the export was successful. Choose OK to finish

Importing the Certificate to CostOS Server

On the following commands

  • %COSTOS% is the installation folder of Costos Server
  • %JAVA_HOME% is the %COSTOS%\jdk\ folder or %COSTOS%\Rjre\ depending on the version
  • %ALIAS% is an alias that you can choose of your own
  • %CERT_FILE% is the full path to the certificate you have extracted from the first part

Run the following on the server hosting the Costos Server

"%JAVA_HOME%\bin\keytool" -import -alias %ALIAS% -keystore "%JAVA_HOME%\jre\lib\security\cacerts" -file %CERT_FILE%

If the above command asks you for a password the default is 'changeit' without the quotes

Restart the CostOS server

 

Deleting a certificate from CostOS Server

On the following commands

  • %COSTOS% is the installation folder of Costos Server
  • %JAVA_HOME% is the %COSTOS%\jdk\ folder or %COSTOS%\Rjre\ depending on the version
  • %ALIAS% is an alias that you can choose of your own
  • %CERT_FILE% is the full path to the certificate you have extracted from the first part

Run the following on the server hosting the Costos Server

"%JAVA_HOME%\bin\keytool" -delete -alias %ALIAS% -keystore "%JAVA_HOME%\jre\lib\security\cacerts"

  • No labels