Configuring Wire Encryption

Create CA-Signed Certificates for Production

How to create a CA-signed certificate for production, when configuring SSL for Knox.

For production deployments, or any deployment that needs a certificate issued by a certificate authority (CA), the following steps are required.
  1. Import the desired certificate/key pair into a Java keystore using keytool and ensure the following:
    • The certificate alias is gateway-identity.
    • The store password matches the master secret created earlier.
    • Note the key password used, because a password alias must be created for it in the next step.
  2. Add a password alias for the key password:
       cd $gateway
       bin/knoxcli.cmd create-cert create-alias gateway-identity-passphrase --value $actualpassphrase
    Note

    The password alias must be gateway-identity-passphrase.
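
The import in step 1, sketched as an added example that is not part of the original documentation: it assumes the CA-issued key pair arrives as a PKCS#12 bundle, and the file names, source alias and environment-variable names are placeholders. check_identity reads keytool -list output and fails when the gateway-identity alias is missing or holds only a certificate without its private key.

```shell
#!/bin/sh
# Added example. File names, the source alias and the environment-variable
# names (P12_PASS, MASTER_SECRET, KEY_PASS) are assumptions, not Knox defaults.

KNOX_ALIAS="gateway-identity"   # alias required by step 1

# Import a key pair from a PKCS#12 bundle into a JKS keystore.
# The :env modifier makes keytool read each password from the named
# environment variable, so it never appears in the process list.
# usage: import_identity <bundle.p12> <source-alias> <destination.jks>
import_identity() {
    keytool -importkeystore \
        -srckeystore "$1" -srcstoretype PKCS12 -srcstorepass:env P12_PASS \
        -srcalias "$2" \
        -destkeystore "$3" -deststoretype JKS \
        -deststorepass:env MASTER_SECRET \
        -destalias "$KNOX_ALIAS" -destkeypass:env KEY_PASS
}

# Read `keytool -list` output on stdin.
# exit 0: alias present with a private key
# exit 1: alias missing
# exit 2: alias present, but only a certificate was imported
check_identity() {
    awk -F', *' -v a="$KNOX_ALIAS" '
        $1 == a { found = 1; if ($0 ~ /PrivateKeyEntry/) ok = 1 }
        END {
            if (ok)    { print "ok"; exit 0 }
            if (found) { print "alias present but no private key"; exit 2 }
            print "alias missing"; exit 1
        }'
}

# Real use, after exporting the three password variables:
#   import_identity bundle.p12 1 gateway.jks
#   keytool -list -keystore gateway.jks -storepass:env MASTER_SECRET | check_identity

# Constructed sample of one `keytool -list` entry line (not from a real keystore).
SAMPLE='gateway-identity, Jan 5, 2024, PrivateKeyEntry, '
printf '%s\n' "$SAMPLE" | check_identity
```

MASTER_SECRET must hold the master secret created earlier and KEY_PASS the key password that step 2 stores under gateway-identity-passphrase.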