If your security policy requires that a signed certificate be used for the NAM Console Server, you can provide your own certificate issued by a trusted authority.
The default certificate provided with the NAM Console Server installation is unsigned.
To provide an officially signed certificate, see the following:
Creating a new keystore
On the system where you have installed the NAM Console Server, open a
Command Prompt window.
Command Prompt application for Windows provides a command-line interface to the operating system.
Ensure that the
keytool utility is present and available on the system.
Command Prompt window, run the
keytool utility without any command line arguments. If the utility is found, the result of running the command is the help output detailing
keytool usage. If an error message is displayed instead, indicating that
keytool is not recognized as an internal or external command or operable program or batch file, find
keytool on the computer or install it. To do this:
keytool is present on the computer.
keytool is available free as part of the Java Runtime Environment (JRE). Verify if JRE is currently one of the installed programs and where it is installed. If it is installed, locate
keytool in the JRE folder and make sure that this folder is in your system-wide PATH environment variable.
If JRE is not installed on the computer, install the latest version.
Perform the installation by following the steps described at
www.java.com . When installing the JRE, you may be prompted to un-install older versions of Java. Do this only if you are sure that there is no software on your computer that relies on the particular version or language of the currently installed Java.
keytool is now available.
After the JRE has been installed, open the
Command Prompt window and verify that
keytool is now available. If it is still not available, amend the PATH environment variable accordingly and re-try.
Change the current drive to the drive on which the NAM Console Server has been installed.
The default installation drive is
Change the current working directory to the folder where the NAM Console Server keystore file resides.
The default location of the installation folder is:
C:\Program Files\Dynatrace\RUM Console\
cd \Program Files\Dynatrace\RUM Console\workspace\configuration\jetty\etc
Delete the current keystore file, named
Execute the command to create a new keystore.
keytool -genkeypair -keyalg RSA -keysize 2048 -keystore keystore
When prompted, enter and confirm the keystore password as
Note that the password characters do not appear on the screen as you type:
Enter keystore password: Re-enter new password:
When prompted to enter first and last name, enter the domain name.
This is the domain that is used by the NAM Console Server. For example:
What is your first and last name? [Unknown]: yellow.brick.road
The name for a certificate cannot be an IP address and must be a fully qualified domain name. Due to new CA/Browser Forum changes, internal server names and private IP addresses will not be available for use after July 15, 2015.
When prompted, enter the other required information and confirm your entries, for example:
What is the name of your organizational unit? [Unknown]: Order Processing What is the name of your organization? [Unknown]: Yellow Paving Supplies What is the name of your City or Locality? [Unknown]: Sedan What is the name of your State or Province? [Unknown]: Kansas What is the two-letter country code for this unit? [Unknown]: US Is CN=yellow.brick.road, OU=Order Processing, O=Yellow Paving Supplies, L=Sedan, ST=Kansas, C=US correct? [no]: yes
When prompted, enter password for
Note that the password characters do not appear on the screen as you type, for example:
Enter key password for <mykey> (RETURN if same as keystore password): Re-enter new password:
Creating and submitting a certificate signing request (CSR)
keytool command to create a CSR file. You are required to enter the password you defined earlier.
keytool –certreq –alias mykey –keyalg RSA –file certReq.csr –keystore keystore
keytool -certreq -alias mykey -keyalg RSA -file certReq.csr -keystore keystore Enter keystore password:
As a result of this step, a CSR file is created, named
Use the created CSR file to apply for a signed certificate.
Apply to the appropriate Certificate Authority and provide the CSR file.
Importing the certificates obtained from a certificate authority
Most end-user certificates are issued by intermediate certificate authorities, so you have to import not only the certificate reply, but also add a trusted certificate entry for each certificate in the chain: intermediate and root certificate. Use the
keytool command for both types of input operations, noting that if the alias does not point to a key entry, then the
keytool command assumes you are adding a trusted certificate entry – one of the certificates in the chain. If the alias points to a key entry, then the
keytool command assumes you are importing a certificate reply.
keytool command to add each trusted certificate entry in the chain.
Note that if the alias does already exist, then the
keytool command outputs an error, because there is already a trusted certificate for that alias.
keytool –importcert -trustcacerts -alias ca_alias
where ca_alias is the name of the appropriate intermediate or root certificate and cert_file is the name of the CER certificate file you have received.
First add each trusted certificate in the chain. Do not import the certificate reply until all of the trusted certificates have been added.
If the command is executed successfully for each certificate, the message “Certificate was added to keystore” is displayed.
keytool command to import the certificate reply.
keytool –importcert -trustcacerts -alias mykey -file cert_file
where cert_file is the name of the CER certificate file you have received.
If the command is executed successfully, the message “Certificate reply was installed in keystore” is displayed.
Restart the NAM Console Server.