How to Enable Secure Socket Layer for xFlow Interface using a CA Certificate (.PFX)

Release : 17.x

Component : xFlow/Service Point

Run the following in CMD as an Administrator

1. Convert the PFX to keystore (.jks):

keytool -importkeystore -srckeystore c:\PKCS_with_Privatekey.pfx -srcstoretype pkcs12 -srcstorepass changeit -destkeystore c:\keystore.jks -deststoretype jks -deststorepass changeit

2. Export the certificate chain as .cer and import into the keystore:

keytool -importcert -trustcacerts -v -alias root -file root.cer -keystore c:\keystore.jks -storepass changeit
keytool -importcert -trustcacerts -v -alias intermmediate -file intermmediate.cer -keystore c:\keystore.jks -storepass changeit
keytool -importcert -trustcacerts -v -alias child -file child.cer -keystore c:\keystore.jks -storepass changeit

3. Create the configuration files for each microservice:

echo -Dhttps.port=9444 -Dplay.server.https.keyStore.path=c:\keystore.jks -Dplay.server.https.keyStore.password=(keystore password) > incidentmicroservice-17.0.479\INCIDENTMICROSERVICE_config.txt
echo -Dhttps.port=9446 -Dplay.server.https.keyStore.path=c:\keystore.jks -Dplay.server.https.keyStore.password=(keystore password) > collabmicroservice-17.0.479\COLLABMICROSERVICE_config.txt
echo -Dhttps.port=9448 -Dplay.server.https.keyStore.path=c:\keystore.jks -Dplay.server.https.keyStore.password=(keystore password) > insightmicroservice-17.1.694\INSIGHTMICROSERVICE_config.txt
echo -Dhttps.port=9450 -Dplay.server.https.keyStore.path=c:\keystore.jks -Dplay.server.https.keyStore.password=(keystore password) > pushmicroservice-17.0.479\PUSHMICROSERVICE_config.txt
echo -Dhttps.port=9452 -Dplay.server.https.keyStore.path=c:\keystore.jks -Dplay.server.https.keyStore.password=(keystore password) > searchmicroservice-17.0.479\SEARCHMICROSERVICE_config.txt

4. Restart xFlow services.

Configuring the xFlow Interface to Connect to SSL based Micro Services documentation