14.1.3 HTTPS Certificate Utility

The HTTPS Certificate Utility manages the default servlet runner certificate. Use this utility to install or update a certificate for the HTTP server functionality that is included with the Management and Security Server. This certificate enables clients to establish secure connections (HTTPS) to the services provided by the Management and Security Server. (Other certificates are managed differently.)

The HTTPS Certificate Utility can be used to create a private key and generate a Certificate Signing Request (CSR). You can then import the signed certificate and the private key.

Running the HTTPS Certificate Utility

The HTTPS Certificate Utility can be run at any time after Management and Security Server is installed.

  1. Verify that you used the HTTP Server functionality that was provided during installation.

  2. Run the utility.

    On Windows:

    [MssServerInstall]\utilities\bin\HTTPSCertificateUtility.exe

    On Linux or UNIX:

    [MssServerInstall]/utilities/bin/HTTPSCertificateUtility

  3. Follow the prompts in the utility, and select a certificate action:

    • Generate a new key pair and self-signed certificate.

    • Generate a new private key and Certificate Signing Request.

    • Import a certificate and private key.

    • Import the Management and Security Server certificate and private key.

NOTE:When needed, the HTTPS Certificate Utility can be run in console mode by using the -console application argument.

Alternative approaches

  • Instead of running the HTTPS Certificate Utility, you can run the Initial Configuration Utility to generate cryptographic keys and self-signed certificates for the provided servlet runner. Any existing keys will be overwritten by either utility.

  • You can configure Management and Security Server to use either a self-signed certificate, or a CA-signed SSL server certificate.

Requiring HTTPS in the Administrative Server

Once your server supports HTTPS, use the MSS Administrative Console to restrict the Administrative Server to the HTTPS protocol.

  1. In the MSS Administrative Console, click Configure Settings > General Security.

  2. Check Require HTTPS for connections to the Management and Security Server.

  3. Click Apply.