Introduction / FirstSpirit Server configuration / HTTPS server configuration / Self-signed security certificate

Using the launcher with self-signed certificates

Installing the security certificate for a test server

For test installations, the self-signed certificate from the supplied keystore (conf/fs-keystore.jks) can be used. This enables the modification to the web server configuration to be continued straight away (see Installing a trustworthy security certificate). If a separate test certificate with a different host name is to be created, the following call can be used to do this:

keytool -genkeypair -alias fs5.yourdomain.net -keyalg RSA -validity 1000 -
keystore conf/fs-keystore.jks -storepass changeit

For the "first name and last name" (CN) query, the FirstSpirit Server's fully qualified host name (host name incl. domain) which is visible to the client must be specified.

To remove a certificate with a specified alias name – in this case “jetty” – from the keystore:

keytool -delete -alias jetty -keystore conf/fs-keystore.jks -storepass changeit

To list all certificates:

keytool –list -v -keystore conf/fs-keystore.jks -storepass changeit

The modification to the web server configuration of the FirstSpirit Server is then made.

Disclosing a self-signed certificate

To use a self-signed security certificate on pages of FirstSpirit SiteArchitect, the following parameters must be added when SiteArchitect is called and the certificate file must be copied to the client computer:

-Djavax.net.ssl.trustStore=pfad/zur/datei/fs-keystore.jks
-Djavax.net.ssl.trustStorePassword=changeit

© 2005 - 2024 Crownpeak Technology GmbH | All rights reserved. | FirstSpirit 2024.4 | Data privacy