Replacing the HTTPS certificate of the Enforce management GUI
Note:
The HTTPS webserver of Vontu uses tomcat. The tomcat config including the SSL certificate keystore file can be found in \Vontu\Protect\tomcat\conf\
The demo certificate is self-signed and uses a keystore file .keystore with alias tomcat and password protect. You will have to replace that file with your own certificate.
keytool -genkeypair -dname "cn=<yourserverurl>, ou=IT, o=<company>, c=<countrycode>" -alias tomcat -keypass protect -keystore .newkeystore -storepass protect -validity 1825
This will create a private/public keypair in a file called .newkeystore. You then have to sign your public key by your CA to make it trusted (to get rid of the browser warning).
In order to do that generate a certificate signing request:
keytool –keystore .newkeystore –alias tomcat -certreq -file signingrequest.csr
The CA administrator will send you back the p7b file (eg. DER encoded, “download CA certification path” link in a Microsoft CA) which has to be imported into the keystore file:
keytool –keystore .newkeystore -importcert -alias tomcat -file CAresponse.p7b
List the contents of the keystore file:
keytool -keystore .keystore -storepass protect -list -v
copy your .newkeystore file to \Vontu\Protect\tomcat\conf\
rename .keystore to .keystore.old
rename .newkeystore to .keystore
restart the Vontu Manager service.
Open the URL with the URL you have given in the cn= part of the certificate creation.
Note:
The keystore file name and password has to be the same as defined in the tomcat webserver config which can be found in the file \Vontu\Protect\tomcat\conf\server.xml