Configuring Certificate Authority signed security certificates

The topics in this section provide information about configuring AX Server to use a security certificate from a Certificate Authority (CA) to secure HTTPS connections to the server. During installation, self-signed certificates are created for use during testing and for organizations that do not want to purchase a certificate from a CA. If possible, this self-signed certificate should be replaced with a certificate signed by a CA on servers where users will access ACL Analytics Exchange web applications.

You need to complete the following seven steps to configure a security certificate from a CA:

  1. Back up your existing Geronimo configuration file.

  2. Create a new keystore.

  3. Create a certificate signing request (CSR) and send the request to your CA.

  4. Import the certificate, and any required intermediate or root certificates, returned from your CA into your keystore.

  5. Configure Geronimo to use your signed certificate for all secure HTTP requests.

  6. If necessary, install the certificate in the web browser on each computer that will access ACL Analytics Exchange web applications. This is not necessary if the certificate is provided by a CA listed in the Trusted Root Certification Authorities list in Internet Explorer. Large commercial CAs, such as VeriSign, are included in this list.

  7. If you needed to import an intermediate or root certificate when you configured the keystore, it may also be necessary to import the certificates into the Java cacerts file on each end-user computer where AX Client is installed.


(C) 2015 ACL Services Ltd. All Rights Reserved.