How To
Summary
For testing purposes, a self-signed SSL certificate might be used with IBM Resilient. This document explains how to create a self-signed SSL certificate and how to use it with IBM Resilient Circuits.
Environment
1. Back up the current keystore (/crypt/certs/keystore) moving it to another location.
2. Generate a new keystore and self-signed certificate on the Resilient server
sudo keytool -genkeypair -keyalg RSA -alias co3 -keystore /crypt/certs/keystore -storepass "$(sudo resutil keyvaultget -name keystore)" -keypass "$(sudo resutil keyvaultget -name keystore)" -validity 3650 -keysize 2048 -dname CN=resilient.domain.com
Circumstances might require the values set to be different from the values in the example command.
3. Restart Resilient
sudo systemctl restart resilient-messaging
4. Generate a new certificate for Resilient Circuits
openssl s_client -connect resilient.domain.com:443 -showcerts < /dev/null 2> /dev/null | openssl x509 -outform PEM > ~/.resilient/cert.cer
The command returns the first certificate found in the openssl command. If the SSL certificate is not created as described here and is signed by an intermediate or root certificate authority the entire chain might be required, chained in the order of server/leaf -> intermediate -> root.
5. Update app.config
cafile=/path/to/cert.cer
6. Save app.config.
7. Restart Resilient Circuits
sudo systemctl restart resilient_circuits
Document Location
Worldwide
Was this topic helpful?
Document Information
Modified date:
19 April 2021
UID
ibm11288948