Configuring Web LMCertificates

Uploaded by

com scop22

Steps to update WebLM static SIPCA signed certificates with 1024-bit key size to certificates with 2048-bit key size

WebLM Adopting Product: AAEP

Deployment Details:

• Master WebLM is a non-VE standalone deployment
• Local WebLM is co-hosted with AAEP (non-VE)
• Master and Local WebLM are at R6.3
• AAEP is integrated with WebLM Java client
• WebLM server is hosting licenses for AAEP alone
• The master WebLM allocates licenses to the local WebLM.
• WebLM Java client retrieves licenses from the Local WebLM.

Assumptions:

• Certificates with 2048-bit key size will be provided by the adopting product or the customer.

Steps for updating certificates:

Step 1: Update client truststore

• Locate the trusted_weblm_certs.jks and trustedcert.properties files used by the WebLM Java client on AAEP.
• Import the CA certificate with 2048-bit key size that will be used on the master WebLM server into the client truststore trusted_weblm_certs.jks using the keytool command as follows:

keytool -import -keystore trusted_weblm_certs.jks -alias weblm -file weblmserver.pem

where:
trusted_weblm_certs.jks – the WebLM truststore used by the WebLM Java client. The command should be run from the directory where the file exists.
weblmserver.pem – the PEM-encoded certificate that will be used on the server side.

When the command is run, the user will be prompted to enter a password. Ensure that the same password mentioned in the trustedcert.properties file is entered here.
• A restart of AAEP may be required for the changes to take effect.

Step 2: Update certificates on master WebLM

Suppose that the certificate with 2048-bit key size and the associated key are available. We can rename the certificate to weblm.crt and the key file to weblm.key. Suppose that they are copied over to the directory /opt/certs.

• Stop Tomcat.
• In the <Connector> tag for port 8443 (used for WebLM) in the $CATALINA_HOME/conf/server.xml file, update the following attributes:
  o SSLCertificateFile="/opt/certs/weblm.crt" (ensure that it points to the new certificate file and location)
  o SSLCertificateKeyFile="/opt/certs/weblm.key" (ensure that it points to the new key file and location)
  o SSLPassword="password" (ensure that the password associated with the new certificate/key is entered here. “password” is the default password and is mentioned here as an example)
• Save the changes to the server.xml file.
• Copy the updated trusted_weblm_certs.jks file from step 1, where the new certificates were imported, into the $CATALINA_HOME/webapps/WebLM/admin folder. Ensure that the correct password is mentioned in the $CATALINA_HOME/webapps/WebLM/admin/trustedcert.properties file.
• Start Tomcat.
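A pre-start check for the Step 2 edits, as an added example that is not part of the original document or of WebLM: it reads server.xml, confirms that the port 8443 connector points at existing certificate and key files, and flags the default SSLPassword and loose POSIX file permissions. The function names and the constructed demo server.xml are assumptions for illustration.

```python
import os
import stat
import xml.etree.ElementTree as ET

def _mode(path):
    return stat.S_IMODE(os.stat(path).st_mode)

def audit_weblm_connector(server_xml, port="8443"):
    """Return a list of findings for the TLS <Connector> on `port` in server.xml."""
    conn = next((c for c in ET.parse(server_xml).getroot().iter("Connector")
                 if c.get("port") == port), None)
    if conn is None:
        return [f"no <Connector> for port {port}"]
    findings = []
    for attr in ("SSLCertificateFile", "SSLCertificateKeyFile"):
        path = conn.get(attr)
        if not path or not os.path.isfile(path):
            findings.append(f"{attr} missing or not a file: {path}")
        elif attr == "SSLCertificateKeyFile" and _mode(path) & 0o077:
            findings.append(f"key file readable by group/other: {path}")
    if conn.get("SSLPassword") == "password":
        findings.append("SSLPassword is still the default 'password'")
    # server.xml stores the key password in clear text, so it needs tight permissions too.
    if _mode(server_xml) & 0o007:
        findings.append("server.xml accessible to other users")
    return findings

def build_demo(directory, password, key_mode):
    """Write a constructed server.xml plus placeholder cert/key files (demo only)."""
    crt = os.path.join(directory, "weblm.crt")
    key = os.path.join(directory, "weblm.key")
    for p in (crt, key):
        with open(p, "w") as fh:
            fh.write("placeholder, not real key material\n")
    os.chmod(key, key_mode)
    xml_path = os.path.join(directory, "server.xml")
    with open(xml_path, "w") as fh:
        fh.write(f'<Server><Service name="Catalina">'
                 f'<Connector port="8443" SSLEnabled="true" SSLCertificateFile="{crt}" '
                 f'SSLCertificateKeyFile="{key}" SSLPassword="{password}"/>'
                 f'</Service></Server>')
    os.chmod(xml_path, 0o600)
    return xml_path

if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as d:
        for finding in audit_weblm_connector(build_demo(d, "password", 0o644)):
            print("FINDING:", finding)
```

Run it against $CATALINA_HOME/conf/server.xml after saving the changes and before starting Tomcat; an empty list means none of these checks fired.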

Step 3: Update certificates on local WebLM


We must use the same certificates as the ones used in step 2.

Since Apache HTTP or some other server is used as a proxy server on the local WebLM side, which then routes the request to Tomcat, the certificate configuration needs to be done on the proxy server side. Documentation for this should be provided by the AAEP team.

Apart from the configuration for port 8443 on the local WebLM, the following steps need to be performed:

• Stop Tomcat.
• Copy the updated trusted_weblm_certs.jks file from step 1, where the new certificates were imported, into the $CATALINA_HOME/webapps/WebLM/admin folder. Ensure that the correct password is mentioned in the $CATALINA_HOME/webapps/WebLM/admin/trustedcert.properties file.
• Start Tomcat.
