Using Custom Keystores and Certificates

When Host Integrator is installed it generates and stores a key and certificate in a keystore for secure access to the Host Integrator session server and Web server.

To resolve browser/client certificate security warnings, if you do not want to trust the self-signed certificates, you can provide custom keystores and CA-signed security certificates.

The key and certificate chain provided by your Certificate Authority (CA) must use FIPS validated algorithms and strengths.

To use a CA-signed certificate in Host Integrator Web services

The SOAP stack uses the certificate for authenticating itself to HTTPS clients.

  1. The key and certificate chain provided by your CA must be in a keystore in either BCFKS format or a PKCS12 format with strong encryption (PBE-SHA1-3DES). Rename the file server.bcfks and copy it over the existing server.bcfks file in folder %VHI_ROOT%/sesssrvr/etc.
  2. Locate the Java keytool.exe utility in the following directory:
  3. Run keytool with an appropriate command line, including the following parameters:
  4. When prompted for a password enter not-secure. Both the key and keystore must use that password.
  5. Restart the session server.

For more information on using the Java keytool, see the Oracle documentation.

To use a CA-signed certificate in the Host Integrator Web server

This certificate is used for HTTPS to the Host Integrator Web server.


Related Topics
Bullet About Verastream Web Services
Bullet Testing Web Services
Bullet Web Service Security