CA-Signed Certificates for Production
For production deployments or any deployment in which a certificate authority issued certificate is needed, the following steps are required.
Import the desired certificate/key pair into a java keystore using keytool and ensure the following:
The certificate alias is gateway-identity.
The store password matches the master secret created earlier.
Note the key password used - as we need to create an alias for this password.
Add a password alias for the key password:
cd $gateway bin/knoxcli.cmd create-cert create-alias gateway-identity-passphrase --value $actualpassphrase
Note The password alias must be
gateway-identity-passphrase.