7. CA-Signed Certificates for Production

For production deployments or any deployment in which a certificate authority issued certificate is needed, the following steps are required.

  1. Import the desired certificate/key pair into a java keystore using keytool and ensure the following:

    • The certificate alias is gateway-identity.

    • The store password matches the master secret created earlier.

    • Note the key password used - as we need to create an alias for this password.

  2. Add a password alias for the key password:

    cd $gateway bin/knoxcli.cmd create-cert create-alias gateway-identity-passphrase --value $actualpassphrase


    The password alias must be "gateway-identity-passphrase".

loading table of contents...