Configuring the custom SSL Certificate for DPA
DPA users would like to use their own SSL certificate for the DPA website in many scenarios.
The DPA uses Tomcat as the web hosting application,
We can use a third-party application to import the certificate/key file into the keystore file.
Note: backup the .keystore and server.xml files in <DPA-dir>\iwc\tomcat\conf prior to any configurations changes
Using Portecle application.
Portecle is a java based application, and it would require a JAVA runtime environment to open the application.
Since DPA installation already has Java installed, we can use the existing Java application to run the Jar file.
In the CMD, run the below command.
Note: The command should not contain the spaces (Program Files)
To avoid this, first change the directory to the JRE folder and then run the command to open the portecle.jar
Windows: <DPA-dir>\iwc\jre\bin\java.exe -jar <Portecle-dir>\portecle.jar
Linux: <DPA-dir>/iwc/jre_linux/bin/java -jar <Portecle-dir>/portecle.jar
Assuming the user already has the signed certificate in .jks, .p12, .pfx , .pem formats
- Open the current keystore by clicking File > Open Keystore File.
- Browse into the <DPA-dir>\iwc\\tomcat\conf
Select the ’All files ‘ in ’Files of Type ‘field
- Open the .keystore file. When prompted, enter ‘changeit’ as the password
Note: the default password is ‘changeit’ unless your administrator did not change the default password to something else.
- By default, the DPA will assign a self-signed certificate to the website.
You can verify that by right-click on the tomcat > Certificate details
Review the certificate details.
- Remove the existing tomcat entry by
Right click on Tomcat and delete.
- Importing the new key pair
Tools > Import Key pair
- Select new .pfx file.
- Enter the administrator provided key pair password.
Click on the Certificate details and verify the information.
- Enter tomcat for alias.
- Enter password
Note: Here we can use the default password ‘changeit’
If we choose to have our own password, we must update the password in the server.xml
- File > Save Keystore
- Verify the certificate details right-click on the tomcat > Certificate details
- Restart DPA services by running the ‘shutdown’ and ‘startup’ windows batch files
If the password entered in step 10 is an own password
- Open the server.xml file in <DPA-dir>\iwc\tomcat\conf
- Add the following attributes in
- Save the xml file
1. If required, we can change the default DPA website port as per the requirement. In the above test platform, I have changed it to port 443 where the DPA website is now accessible on port 443.
2. We can use another .keystore file instead of the default if required. Update the correct keystorefile value to point to the necessary file.
Perform the service restart in DPA.