Using the launcher with self-signed certificates

Installing the security certificate for a test server

To create your own test certificate for test installations, you can use the following command:

keytool -genkeypair -alias fs5.yourdomain.net -keyalg RSA -validity 1000 -
keystore conf/fs-keystore.jks -storepass changeit

For the "first name and last name" (CN) query, the FirstSpirit Server's fully qualified host name (host name incl. domain) which is visible to the client must be specified.

You can then continue directly with changing the web server configuration (see Installing a trustworthy security certificate).

To remove a certificate with a specified alias name – in this case “jetty” – from the keystore:

keytool -delete -alias jetty -keystore conf/fs-keystore.jks -storepass changeit

To list all certificates:

keytool -list -v -keystore conf/fs-keystore.jks -storepass changeit

The modification to the web server configuration of the FirstSpirit Server is then made.

Disclosing a self-signed certificate

To use a self-signed security certificate on pages of FirstSpirit SiteArchitect, the following parameters must be added when SiteArchitect is called and the certificate file must be copied to the client computer:

-Djavax.net.ssl.trustStore=pfad/zur/datei/fs-keystore.jks
-Djavax.net.ssl.trustStorePassword=changeit