Versions Compared

Old Version 2

changes.mady.by.user Richard Hendricks

Saved on

compared with

New Version 3

changes.mady.by.user Richard Hendricks

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

In order to facilitate KSB communication between the Rice central server and client applications, a certificate will be required for the client applications that will be connecting to the Rice Standalone Server. The following steps explain details required to comply with the certificate requirements.

Development Environments

  • For the development environments, you may generate a self signed certificate for the client machine and add to the attached rice-test.keystore using the following command:
    Code Block
    
keytool -keystore rice-test.keystore -storepass nowUCme_nowUdont -v -alias <your alias> -genkeypair -validity 9999 -dname "CN=<your fully qualified machine name>, OU=<your organization>, O=UC Davis, L=Davis, ST=California, C=US"
  • Install the updated rice-test.keystore in your environment where it will be referenced in the rice configuration files.
  • A copy of the updated rice-test.keystore must also be installed on the Rice Standalone Server, and all Rice clients it the environment (KFS, KC).
  • An additional cert is required for client applications connecting to the rice-sandboxes environment. The rice-sandboxes.ucdavis.edu machine does not currently have an InCommon cert, therefore a certificate from rice-sandboxes.ucdavis.edu (rice-sandboxes_ucdavis_edu.pem) must be imported into the java cacerts bundle on the client machine. The following command shows how to import the cert (attached) for the rice-sandboxes.ucdavis.edu development machine:
    Code Block
    
keytool -importcert -file rice-sandboxes_ucdavis_edu.pem -keystore cacerts -storepass changeit -alias rice-sandboxes.ucdavis.edu
  • Certificates for the various development environments (rice-sandboxes, rice-testint1, rice-qa-a, rice-qa-b) are attached to this document.

Production Environment

  • For the production environment, an InCommon Certificate is required for the client application which will be connecting to the production Rice Standalone Server.
  • The InCommon certificate is then installed in client application keystore along with the private key and the certificate is then forwarded to the rice team, long with the alias used, for addition to the rice central server keystore as well as the keystores of the other client applications in the environment.
  • The client application must also request the rice team forward the certificates from all of the applications in the production environment, including the rice central server. These certificates must also be installed in the client application keystore, with the proper alias.
  • For more information on how to request an InCommon certificate for your application, visit the following link and click on the SSL Certificate category: MyUCDavis > UCD Resources > Software

It is recommended that certificates be imported into the client keystore with an alias which matches the rice application id (e.g., rice, kfs, ...etc). Keeping the alias a simple intuitive value will help prevent alias mismatches between the various keystores, which will cause KSB communication to fail.