KBEC-00217 - Flow server SSL configuration

Problem

This article describes how to replace the server certificate if it fails the security scan.

Description

There are three relevant configuration entries in the server/conf/commander.properties file:

COMMANDER_HTTPS_PORT=8443
COMMANDER_KEYSTORE=conf/keystore
COMMANDER_KEYSTORE_PASSWORD=abcdef

  • COMMANDER_HTTPS_PORT configures the SSL port.
  • COMMANDER_KEYSTORE is the location of the Java keystore where the Commander HTTP server finds its host certificate.
  • COMMANDER_KEYSTORE_PASSWORD is the password to the keystore.

Solution

Follow these steps to generate and inject a self-signed certificate that is valid for 1 year.

1) Back up the keystore file.

2) Delete the original key.

atumarkin@ATUMARKIN /cygdrive/c/ProgramData/Electric Cloud/ElectricCommander/conf
 
$ "c:/Program Files/Electric Cloud/ElectricCommander/jre/bin/keytool" -delete -alias jetty -keystore keystore -keypass passkey
Enter keystore password: abcdef

3) Generate and inject a new certificate.

atumarkin@ATUMARKIN /cygdrive/c/ProgramData/Electric Cloud/ElectricCommander/conf
 
$ "c:/Program Files/Electric Cloud/ElectricCommander/jre/bin/keytool" -keystore keystore -alias jetty -genkey -keyalg RSA -sigalg MD5withRSA -validity 365
Enter keystore password: abcdef
What is your first and last name?
 [Unknown]: localhost
What is the name of your organizational unit?
 [Unknown]: 
What is the name of your organization?
 [Unknown]: 
What is the name of your City or Locality?
 [Unknown]: 
What is the name of your State or Province?
 [Unknown]: 
What is the two-letter country code for this unit?
 [Unknown]: 
Is CN=localhost, OU=Unknown, O=Unknown, L=Unknown, ST=Unknown, C=Unknown correct?
 [no]: yes
 
Enter key password for <jetty>
 (RETURN if same as keystore password): 

4) Restart the server.

Your new certificate will look something like this:

atumarkin@ATUMARKIN /cygdrive/c/ProgramData/Electric Cloud/ElectricCommander/conf
 
$ "c:/Program Files/Electric Cloud/ElectricCommander/jre/bin/keytool" -list -v -keystore keystore -keypass passkey
Enter keystore password: abcdef
 
Keystore type: JKS
Keystore provider: SUN
 
Your keystore contains 1 entry
 
Alias name: jetty
Creation date: Jan 31, 2012
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=localhost, OU=Unknown, O=Unknown, L=Unknown, ST=Unknown, C=Unknown
Issuer: CN=localhost, OU=Unknown, O=Unknown, L=Unknown, ST=Unknown, C=Unknown
Serial number: 4f28603f
Valid from: Tue Jan 31 13:42:23 PST 2012 until: Wed Jan 30 13:42:23 PST 2013
Certificate fingerprints:
 MD5: 38:50:CD:29:8C:16:3A:78:29:0F:45:56:E0:CA:42:D9
 SHA1: 9B:A3:E4:EA:A7:C0:3A:ED:BF:63:24:18:F0:08:78:22:59:85:BC:8A
 Signature algorithm name: MD5withRSA
 Version: 3
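
A check that can be run after step 4, as an added example that is not part of the original article or the product: it parses `keytool -list -v` output and reports self-signed entries, certificates that are expired or close to expiry, and weak signature digests such as the MD5withRSA shown in the listing above. The function names, the 30-day warning window and the weak-digest list are assumptions.

```python
from datetime import datetime

# Excerpt of the `keytool -list -v` listing shown in this article.
SAMPLE = """\
Alias name: jetty
Entry type: PrivateKeyEntry
Owner: CN=localhost, OU=Unknown, O=Unknown, L=Unknown, ST=Unknown, C=Unknown
Issuer: CN=localhost, OU=Unknown, O=Unknown, L=Unknown, ST=Unknown, C=Unknown
Valid from: Tue Jan 31 13:42:23 PST 2012 until: Wed Jan 30 13:42:23 PST 2013
 Signature algorithm name: MD5withRSA
"""

# Assumption: digest prefixes treated as weak; adjust to your scanner's policy.
WEAK_DIGESTS = ("MD2", "MD5", "SHA1")
WARN_DAYS = 30  # assumption: warn this many days before expiry

def parse_keytool_date(text):
    # keytool prints "Wed Jan 30 13:42:23 PST 2013"; the zone name is dropped
    # because strptime cannot parse it portably (result is a naive datetime).
    p = text.split()
    return datetime.strptime(" ".join(p[1:4] + p[5:6]), "%b %d %H:%M:%S %Y")

def audit_keytool_listing(listing, now):
    """Return (alias, finding) tuples for the entries in a keytool listing."""
    findings, alias, owner = [], None, None
    for raw in listing.splitlines():
        key, _, value = raw.strip().partition(": ")
        if key == "Alias name":
            alias, owner = value, None
        elif key == "Owner":
            owner = value
        elif key == "Issuer" and value == owner:
            findings.append((alias, "self-signed"))
        elif key == "Valid from":
            until = parse_keytool_date(value.split(" until: ")[1])
            if until <= now:
                findings.append((alias, "expired"))
            elif (until - now).days < WARN_DAYS:
                findings.append((alias, "expires within %d days" % WARN_DAYS))
        elif key == "Signature algorithm name":
            if value.upper().startswith(WEAK_DIGESTS):
                findings.append((alias, "weak signature algorithm: " + value))
    return findings

if __name__ == "__main__":
    for alias, finding in audit_keytool_listing(SAMPLE, datetime.now()):
        print(alias, finding)
```

To audit a live keystore, pass the captured output of the `keytool -list -v` command from the listing above instead of `SAMPLE`.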
 
 