

Generate SSL Certificate Files

Generating the SSL certificates must be done after you install CA Process Automation, but before you configure secure communication for your load balancer. SSL certificates are not required if you want to use basic, non-secure communication for your load balancer.

Once the certificate files are generated, you must identify their location when you configure your load balancer for secure communication.

Follow these steps:

  1. Download and install OpenSSL from a third-party vendor.

    Note: Ensure that the host on which you install OpenSSL has JDK installed.

  2. After you install CA Process Automation in cluster mode (and at least one node is installed), the CA Process Automation installation wizard generates the c2okeystore file in the following location:
    \server_location\c2o\.config
    

    Copy c2okeystore and paste it to the following directory:

    \jdk_location\bin
    

    You can run the commands locally from this location.

  3. Use the keytool utility in the JDK to import the keystore into PKCS12 format as follows:
    1. Go to the jdk_location\bin directory and run the following command:
      keytool -importkeystore -srckeystore c2okeystore -srcstoretype jks -destkeystore c2okeystore.p12 -deststoretype pkcs12
      

      The console prompts you for the destination keystore password.

      Note: The OasisConfig.properties file contains the keystore password. Locate the file in this directory:

      \server_location\c2o\.config\
      

      Open the file and copy the password. The value can be found next to the entry KEYSTOREID=.

      For example, KEYSTOREID=723e1830-a98c-49a1-8f16-a0794c872835. The password is 723e1830-a98c-49a1-8f16-a0794c872835.

    2. Paste the password at the destination keystore password prompt in your open console.
    3. When prompted, re-enter the password.
    4. At the source key password prompt, enter the password again.

      A c2okeystore.p12 file is then generated in the \jdk_location\bin directory.

    5. You must convert the p12 formatted keystore to PEM formatted key and certificate files. To do this, run the following openssl command in the \jdk_location\bin directory:
      openssl pkcs12 -nocerts -in c2okeystore.p12 -out c2okey.pem
      
    6. At the Import Password prompt, enter the keystore password.
    7. At the PEM pass phrase prompt, enter any phrase.
    8. Reenter your PEM pass phrase.
    9. Run the following command at the \jdk_location\bin directory location:
      openssl pkcs12 -clcerts -in c2okeystore.p12 -out c2ocert.pem
      
    10. At the Import Password prompt, enter the keystore password.
    11. At the PEM pass phrase prompt, enter the phrase that you previously created in step 7.
    12. Reenter your PEM pass phrase.
    13. Run the following command at the \jdk_location\bin directory location:
      openssl rsa -in c2okey.pem -out c2okey2.pem
      
    14. At the PEM pass phrase prompt, enter the phrase that you previously created in step 7.
    15. Reenter your PEM pass phrase.
    16. Copy the c2okey2.pem and c2ocert.pem files to your load balancer's \conf directory.

Note: Make a backup of these files.
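
An added check, not part of the original CA documentation: this Python script inventories the PEM blocks in the two files copied in the last step and reports where private key material sits and whether it is pass-phrase protected. The function names and the sample PEM text are constructed for illustration.

```python
import re

# Matches one PEM block; text outside blocks (such as the "Bag Attributes"
# lines that openssl pkcs12 writes) is ignored.
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)-----END \1-----", re.DOTALL)

def classify_block(label, body):
    """Return 'certificate', 'encrypted-key', 'cleartext-key' or 'other'."""
    if label.endswith("CERTIFICATE"):
        return "certificate"
    if label == "ENCRYPTED PRIVATE KEY":  # PKCS#8, pass phrase protected
        return "encrypted-key"
    if label.endswith("PRIVATE KEY"):
        # Traditional format marks encryption with a Proc-Type header line.
        return "encrypted-key" if "Proc-Type: 4,ENCRYPTED" in body else "cleartext-key"
    return "other"

def inventory(pem_text):
    """List the kind of every PEM block in the text, in file order."""
    return [classify_block(m.group(1), m.group(2))
            for m in PEM_BLOCK.finditer(pem_text)]

def audit(key_text, cert_text):
    """Return findings for the two files copied to the load balancer."""
    key_kinds, cert_kinds = inventory(key_text), inventory(cert_text)
    findings = []
    if "cleartext-key" in key_kinds:
        findings.append("key file: unencrypted private key, restrict file access")
    elif "encrypted-key" not in key_kinds:
        findings.append("key file: no private key found")
    if "certificate" not in cert_kinds:
        findings.append("cert file: no certificate found")
    if any(kind.endswith("-key") for kind in cert_kinds):
        findings.append("cert file: also contains a private key block")
    return findings

# Constructed samples: the base64 bodies are placeholders, not real keys.
SAMPLE_KEY = ("-----BEGIN RSA PRIVATE KEY-----\nQ09OU1RSVUNURUQ=\n"
              "-----END RSA PRIVATE KEY-----\n")
SAMPLE_CERT = ("Bag Attributes\n    friendlyName: sample\n"
               "-----BEGIN ENCRYPTED PRIVATE KEY-----\nQ09OU1RSVUNURUQ=\n"
               "-----END ENCRYPTED PRIVATE KEY-----\n"
               "-----BEGIN CERTIFICATE-----\nQ09OU1RSVUNURUQ=\n"
               "-----END CERTIFICATE-----\n")

if __name__ == "__main__":
    for finding in audit(SAMPLE_KEY, SAMPLE_CERT):
        print(finding)
```

To check the real files, read c2okey2.pem and c2ocert.pem as text and pass their contents to audit(). A cleartext key in c2okey2.pem is what the openssl rsa step produces, so limit read access on that file and on its backup to the account that runs the load balancer.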