Web Certificates

Use the following instructions for to add your own SSL certificate to the Situate embedded web server.

Out-Of-The-Box

Situate's web container will ship with a self-signed certificate that will allow it to work with the Situate web interface. If a customer would like to avoid the browser warnings for invalid SSL certificate they will need to purchase or generate their own certificate and install it on the Situate server.

Building and Installing a Self-Signed Certificate

These instructions will help you build and install your own self-signed certificate.

Step 1. Generate Self-Signed Cert

Using the Java “keystore” command execute the following command to generate a proper key. When prompted for the keystore password use “xonaks”. The certificate key CN must match the fully qualified hostname where the web container is running. Therefore, when prompted for the first and last name make sure to enter the FQN. NOTE: You must use the keystore name as specified in the command.

> keytool -keystore web-container-keystore -alias situate -genkey -keyalg RSA -keysize 2048 -validity 1095

Step 2. Install Keystore File

Once the keystore has been created in Step 1, a keystore file named "web-container-keystone" should have been generated. Copy this file to the Situate web server host in the directory /opt/situate/security.

Step 3. Restart Situate Server Web Container

Once the keystore has been copied into place. It is necessary to restart the Situate web server. In many cases and by default, the Situate web server is running within the Situate server name space. Therefore, a restart of the Situate server is necessary.

Loading an Existing Certificate

WARNING

Note: If prompted for a keystore or other password when performing the following steps, use “xonaks”.

Step 1. Create a cert chain

A certificate chain file must first be created. Use the following command to generate the concatenated file.

> cat www_xonasoftware_com.crt DigiCertCA.crt > cert-chain.txt

Step 2. Generate PKCS12 format from certificate chain file

> cat www_xonasoftware_com.crt DigiCertCA.crt > cert-chain.txt

Step 3. Import cert-chain into keystore file

> keytool -importkeystore -srckeystore cert-chain.pkcs12 -srcstoretype PKCS12 -destkeystore web-container-keystore

Step 4. Install Keystore

Copy the keystore file created in the previous step to the Situate security directory, i.e.,/opt/situate/security/web-container-keystore.

Step 5. Restart Situate Server

> systemctl restart situate