Install Server Certificate in Local Keystore

In order for tdsync to connect to an HTTPS Titania Delivery server, the server's certificate must be downloaded and installed in the local Java certificate store.

This document describes two different methods for installing a secure TD certificate on a local machine (PC, Mac, or Unix platform) in order to run tdsync. This should be done by a system administrator. Additional third-party software applications may be required, depending on the method.

Notice: Oberon Technologies makes no endorsement of these applications and cannot provide support for them. The user should comply with all site requirements for installation and use of third-party software. Oberon Technologies accepts no responsibility for any unintended consequences of running these applications.

You'll need to know the hostname of the Titania Delivery server that you intend to connect to. That will be represented with td-host in the following examples.

Locate the Java certificate store in your system's JAVA_HOME directory. The path varies with the Java installation, but is typically JAVA_HOME/lib/security/cacerts. That location will be represented with cacerts-file in the following examples.

Note: This file will probably be password-protected. The typical default password is "changeit", but this might have been changed to improve security on your machine. Consult a local system or security administrator if the default password does not work.

Install certificate using KeyStore Explorer

KeyStore Explorer is an open-source GUI application for working with Java keystores. It can be downloaded from http://keystore-explorer.org/. These instructions are for KeyStore Explorer v5.4.4. Other versions may differ in some details.

  1. Start KeyStore Explorer as administrator.
  2. Select Examine > Examine SSL.
  3. Enter the td-host in the SSL Host field.
  4. Check Enable Client Authentication.
  5. Browse to the cacerts-file location and enter it in the KeyStore field.
  6. Click OK. The Certificate Details page will appear.
  7. Click Import on the Certificate Details page.
  8. Save the cacerts-file.
  9. Close the KeyStore Explorer application.

Install certificate using openssl and keytool

openssl is an open-source software toolkit for working with the Transport Layer Security (TLS) and Secure Sockets Layer (SSL) protocols. Source and binary distributions are available from the https://www.openssl.org/ website. openssl is installed by default on many Unix platforms.

keytool is a command-line tool that is supplied with most Java Development Kit (JDK) installations.

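  1. Issue the following openssl command to obtain the certificate from the server. (You can name the downloaded certificate whatever you like instead of "td-cert.crt".) The commands assume the server listens on the default HTTPS port, 443; openssl s_client expects host:port, so change the port if your server uses a different one.

    In a Windows PowerShell console, use a command like this (do not include line breaks in command):

    $null | openssl s_client -showcerts -connect {td-host}:443 2>$null | openssl x509 -out td-cert.crt

    The -out option is used here instead of > because the > redirection in Windows PowerShell (5.1) writes UTF-16 text, which keytool cannot read.

    In a bash terminal, use a command like this (do not include line breaks in command):

    openssl s_client -showcerts -connect {td-host}:443 </dev/null 2>/dev/null | openssl x509 > td-cert.crt
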

  2. Install the certificate (do not include line breaks in command). You can use any alias value (instead of "td-cert"), perhaps using the hostname of the TD server.

    keytool -import -trustcacerts -keystore {cacerts-file} -storepass changeit -noprompt -alias td-cert -file td-cert.crt
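
The openssl and keytool steps above import whatever certificate the server presents at download time, and -noprompt skips keytool's confirmation. The script below is an added example, not part of the original instructions: it compares the downloaded certificate's SHA-256 fingerprint with a value obtained separately from the TD server's administrator and imports only on a match. The function names, the argument order and port 443 are assumptions.

```shell
#!/bin/sh
# Usage: sh install-td-cert.sh <td-host> <expected-sha256-fingerprint> <cacerts-file>
# Added example; function names, argument order and port 443 are assumptions.

# Reduce "sha256 Fingerprint=AB:CD:..." (or bare hex) to upper-case hex digits.
normalize_fp() {
    printf '%s' "$1" | sed 's/^.*=//' | tr -d ': \t\r\n' | tr 'a-f' 'A-F'
}

# Return 0 if equal, 1 if different, 2 if the expected value is not 64 hex digits.
fp_matches() {
    got=$(normalize_fp "$1")
    want=$(normalize_fp "$2")
    printf '%s' "$want" | grep -Eq '^[0-9A-F]{64}$' || return 2
    [ "$got" = "$want" ]
}

# Save the leaf certificate presented by host $1 on port $2 into file $3.
fetch_cert() {
    openssl s_client -connect "$1:$2" -servername "$1" </dev/null 2>/dev/null |
        openssl x509 -out "$3"
}

# Print the SHA-256 fingerprint of the PEM certificate in file $1.
cert_fp() {
    openssl x509 -in "$1" -noout -fingerprint -sha256
}

# Fetch the certificate, check it against the expected fingerprint, then import.
install_td_cert() {
    crt=$(mktemp) || return 1
    if ! fetch_cert "$1" 443 "$crt"; then
        echo "could not fetch a certificate from $1" >&2
        rm -f "$crt"; return 1
    fi
    if ! fp_matches "$(cert_fp "$crt")" "$2"; then
        echo "fingerprint check failed for $1; nothing imported" >&2
        rm -f "$crt"; return 1
    fi
    # No -storepass: keytool prompts, keeping the password out of shell history.
    keytool -import -trustcacerts -keystore "$3" -noprompt -alias "$1" -file "$crt"
    rc=$?
    rm -f "$crt"
    return "$rc"
}

if [ "$#" -eq 3 ]; then install_td_cert "$@"; fi
```

The expected fingerprint can be given with or without colons, for example as printed by openssl x509 -noout -fingerprint -sha256 on the server itself.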