After you generate the key pair, you must generate a CSR using the generate-csr action.
A CSR file contains all of the information that a Certificate Authority (CA) needs to produce a signed certificate that can be used on your Tomcat server. It includes a copy of your public key (but not your private key, which only you should ever have access to), as well as various text fields that the CA uses to identify your server and your organization.
If you already have a keystore containing a CA-signed certificate, skip this procedure and configure the Commvault Tomcat service.
Procedure
-
Generate a Certificate Signing Request (CSR):
-
Verify if the following settings are defined. You must have defined the settings in the step, Defining Settings in the Workspace Configuration File. If you missed the settings, define it before you generate a CSR:
-
domain-name*
-
keystore-password*
-
server-ip*
-
workspace*
-
csr-filename**
-
days-valid**
-
extension**
-
instance**
-
keystore-filename**
-
keystore-type**
-
keystore-alias**
-
keytool-executable-path**
*Required settings that you must enter.
**Settings with default values that you might need to customize.
For information about settings, see Settings for the Workspace Configuration File.
-
-
Run the following command:
cvCertTool.cmd -workspace "workspace_filepath" generate-csrThe newly generated CSR file will be placed in the workspace folder.
-
-
Acquire a signed certificate from your CA:
-
Upload the CSR to the CA website and submit it for signing. Indicate that the certificate you require is for a Tomcat server.
-
Download the root, intermediate, and issued server or domain certificates.
-
Copy all of the certificates to the cacerts folder in your workspace. You can use the certificates for the
import-ca-certsaction.Note
You must follow the guidelines provided by your CA because the process of submitting a CSR to a CA and downloading a response might vary.
-