Skip to content

Replace the Certificate with Your Non-default Keystore

You can use a keystore other than the default (sessionserver/etc/keystore.bcfks) to store your CA-signed certificates.

Specify the following properties in sessionserver/conf/container.properties:

server.ssl.key-store
server.ssl.key-store-password
Where the keystore path is set to the non-default keystore file name and the keystore password is set to the obfuscated value generated by the following command from the sessionserver directory:

../java/jre/bin/java -cp ./lib/jetty-util-<version>.jar org.eclipse.jetty.util.security.Password passwordToObfuscate
For example:

server.ssl.key-store=${server.home}/etc/custom.bcfks
server.ssl.key-store-password=OBF:1vn21ugu1saj1v9i1v941sar1ugw1vo0

Tip

To avoid confusion, delete the default keystore.

To prevent the default keystore from being generated when the server starts up, open /conf/product-core-ctx.xml in a text editor and either remove or comment out the servletEngineKeystoreGenerator section. Restart the session server.