KBEC-00217 - Flow server SSL configuration

Problem

This article describes how to replace the server certificate if it fails the security scan.

Description

There are three relevant configuration entries in the server/conf/commander.properties file:

COMMANDER_HTTPS_PORT=8443
COMMANDER_KEYSTORE=conf/keystore
COMMANDER_KEYSTORE_PASSWORD=abcdef
  • COMMANDER_HTTPS_PORT configures the SSL port.
  • COMMANDER_KEYSTORE is the location of the java keystore where the Commander HTTP server finds its host certificate
  • COMMANDER_KEYSTORE_PASSWORD is the password to the keystore

Solution

Follow these steps to generate and inject a self-signed certificate for 1 year.

1) Back up the keystore file.

2) Delete the original key.

atumarkin@ATUMARKIN /cygdrive/c/ProgramData/Electric Cloud/ElectricCommander/conf

$ "c:/Program Files/Electric Cloud/ElectricCommander/jre/bin/keytool" -delete -alias jetty -keystore keystore -keypass passkey
Enter keystore password: abcdef

3) Generate and inject a new certificate.

 

atumarkin@ATUMARKIN /cygdrive/c/ProgramData/Electric Cloud/ElectricCommander/conf

$ "c:/Program Files/Electric Cloud/ElectricCommander/jre/bin/keytool" -keystore keystore -alias jetty -genkey -keyalg RSA -sigalg MD5withRSA -validity 365
Enter keystore password: abcdef
What is your first and last name?
[Unknown]: localhost
What is the name of your organizational unit?
[Unknown]: <Enter>
What is the name of your organization?
[Unknown]: <Enter>
What is the name of your City or Locality?
[Unknown]: <Enter>
What is the name of your State or Province?
[Unknown]: <Enter>
What is the two-letter country code for this unit?
[Unknown]: <Enter>
Is CN=localhost, OU=Unknown, O=Unknown, L=Unknown, ST=Unknown, C=Unknown correct
?
[no]: yes

Enter key password for <jetty>
(RETURN if same as keystore password): <Enter>

 

4) Restart the server.

Your new certificate will look something like this:

 

atumarkin@ATUMARKIN /cygdrive/c/ProgramData/Electric Cloud/ElectricCommander/conf

$ "c:/Program Files/Electric Cloud/ElectricCommander/jre/bin/keytool" -list -v -keystore keystore -keypass passkey
Enter keystore password: abcdef

Keystore type: JKS
Keystore provider: SUN

Your keystore contains 1 entry

Alias name: jetty
Creation date: Jan 31, 2012
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=localhost, OU=Unknown, O=Unknown, L=Unknown, ST=Unknown, C=Unknown
Issuer: CN=localhost, OU=Unknown, O=Unknown, L=Unknown, ST=Unknown, C=Unknown
Serial number: 4f28603f
Valid from: Tue Jan 31 13:42:23 PST 2012 until: Wed Jan 30 13:42:23 PST 2013
Certificate fingerprints:
MD5: 38:50:CD:29:8C:16:3A:78:29:0F:45:56:E0:CA:42:D9
SHA1: 9B:A3:E4:EA:A7:C0:3A:ED:BF:63:24:18:F0:08:78:22:59:85:BC:8A
Signature algorithm name: MD5withRSA
Version: 3


*******************************************
*******************************************

 

References

Have more questions? Submit a request

Comments

Powered by Zendesk