Self-signed certificates are helpful when a client uses an SSL web services connection to their integration partner (like BCX & BHP, Gijima & SolveDirect). When the certificate expires, the client does not always want to purchase a new certificate from a certification authority, but would rather use a self-signed certificate instead in order to save costs.
Follow the 6 steps below to generate a self-signed certificate, and send the public one to the integration partner to implement on their side.
Normally self-signed certificates should only be used in development environments, but most of the time integration partners are running a dedicated IPsec tunnel between them, so it should be safe to use.
Self-signed certificates are not advisable when the connection between partners is insecure.
1. Run the command below to generate a self-signed cert in a new, empty keystore called tempks.jks (choose a new name for the keystore and fix the -dname to fit your URL):
"C:\Program Files\Southern X Integrators\jre\bin\Keytool.exe" -genkey -keyalg RSA -alias selfsigned -keystore tempks.jks -storepass T@gi2b2 -validity 365 -keysize 2048 -dname "CN=webservice.MYDOMAIN.co.za,OU=MYCOMPANY, O=MY COMPANY (Pty) Ltd, L=Midrand, ST=Gauteng, C=ZA"
2. Use this newly generated keystore in the configserver.xml. The server.xml in the Tomcat config directory points to the keystore to be used.
3. Run the command below to export the certificate, which will be sent to the Integration Partner Company (file IntPartnr.cer):
"C:\Program Files\Southern X Integrators\jre\bin\Keytool.exe" -export -alias selfsigned -file IntPartnr.cer -keystore tempks.jks
4. Restart the Apache Tomcat service.
5. Then go to webservice.MYDOMAIN.co.za in an internet browser on the server where Tomcat is installed. You should get an error that the cert is not trusted. Import the cert into the Trusted Root Certification Authorities store on that server. The reason for this is that self-signed certificates give this error by default and first have to be trusted.
6. Reconnect to the above URL in the browser; it should now show that the certificate is trusted.
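The import step above places a self-signed certificate in the Trusted Root store, so the only assurance that the file is the intended one is its fingerprint. The PowerShell script below is an added example, not part of the original post: it checks the exported IntPartnr.cer against a SHA-256 fingerprint obtained separately (the sender can read it from keytool -list -v on the keystore), confirms the validity period and the 2048-bit RSA key chosen in the -genkey command, and only then imports it. The parameter names are assumptions.

```powershell
# Added example (not from the original post): verify an exported self-signed
# certificate against a fingerprint received out-of-band before trusting it.
param(
    [string]$CerPath = '.\IntPartnr.cer',   # file name used in the export command
    [Parameter(Mandatory = $true)]
    [string]$ExpectedSha256                 # assumed input: fingerprint given by the sender
)

$ErrorActionPreference = 'Stop'
$path = (Resolve-Path -LiteralPath $CerPath).Path
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $path

# SHA-256 over the DER encoding is the value keytool prints as the SHA256 fingerprint.
$sha256   = [System.Security.Cryptography.SHA256]::Create()
$actual   = [System.BitConverter]::ToString($sha256.ComputeHash($cert.RawData)) -replace '-', ''
# Accept "AB:CD:..." or "abcd..." by stripping separators and upper-casing.
$expected = ($ExpectedSha256 -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()

$problems = @()
if ($expected.Length -ne 64) {
    $problems += 'expected value is not a SHA-256 fingerprint (64 hex digits)'
} elseif ($actual -ne $expected) {
    $problems += "fingerprint mismatch: file has $actual"
}
if ($cert.Subject -ne $cert.Issuer) {
    $problems += 'subject and issuer differ, so this is not a self-signed certificate'
}
$now = Get-Date
if ($now -lt $cert.NotBefore -or $now -gt $cert.NotAfter) {
    $problems += "outside validity period ($($cert.NotBefore) to $($cert.NotAfter))"
}
$rsa = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPublicKey($cert)
if ($null -eq $rsa -or $rsa.KeySize -lt 2048) {
    $problems += 'public key is not RSA with at least 2048 bits'
}

if ($problems.Count -gt 0) {
    $problems | ForEach-Object { Write-Warning $_ }
    throw "Refusing to trust $path"
}

# Needs an elevated session: this writes to the machine-wide Trusted Root store.
Import-Certificate -FilePath $path -CertStoreLocation Cert:\LocalMachine\Root | Out-Null
Write-Output "Trusted $($cert.Subject), SHA-256 $actual, expires $($cert.NotAfter)"
```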
Generate and implement a Self Signed Certificate for SSL Web Services connections, I use KeyTool IUI - standalone