Versions Compared

Old Version 5

changes.mady.by.user Richard Hendricks

Saved on

compared with

New Version 6

changes.mady.by.user Richard Hendricks

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

  • For the development environments, you may generate a self signed certificate for the client machine and add to the attached rice-test.keystore using the following command:
    Code Block
    keytool -keystore rice-test.keystore -storepass nowUCme_nowUdont -v -alias <your alias> -genkeypair -validity 9999 -dname "CN=<your fully qualified machine name>, OU=<your organization>, O=UC Davis, L=Davis, ST=California, C=US"
  • Install the updated rice-test.keystore in your environment where it will be referenced in the rice configuration files.
  • A copy of the updated rice-test.keystore must also be installed on the Rice Standalone Server, and all Rice clients it the environment (KFS, KC).
  • An additional cert is required for client applications connecting to the rice-sandboxes environment. The rice-sandboxes.ucdavis.edu machine does not currently have an InCommon cert, therefore a certificate from rice-sandboxes.ucdavis.edu (rice-sandboxes_ucdavis_edu.pem) must be imported into the java cacerts bundle on the client machine. The following command shows how to import the cert (attached) for the rice-sandboxes.ucdavis.edu development machine:
    Code Block
    keytool -importcert -file rice-sandboxes_ucdavis_edu.pem -keystore cacerts -storepass changeit -alias rice-sandboxes.ucdavis.edu
  • Certificates for the various development environments (rice-sandboxes, rice-testint1, rice-qa-a, rice-qa-b) are attached to this document.

Production Environment

  • For the production environment, an InCommon Certificate is required for the client application which will be connecting to the production Rice Standalone Server.
  • The InCommon certificate is then installed in client application keystore along with the private key. The InCommon certificate is then forwarded to the rice team, along with the alias used, for addition to the rice central server keystore as well as the keystores of the other client applications in the environment.
  • The client application must also request that the rice team forward the certificates from all of the applications in the production environment, including the rice central server. These certificates must also be installed in the client application keystore, again with the proper alias.
  • For more information on how to request an InCommon certificate for your application, visit the following link and click on the SSL Certificate category: MyUCDavis > UCD Resources > Software

...