Installation Guide > Appendices > Appendix A. Configuration Utilities > HTTPS Certificate Utility

HTTPS Certificate Utility

The HTTPS Certificate Utility manages the default servlet runner certificate. Use this utility to install or update a certificate for the HTTP server functionality that is included with the Management and Security Server.

This certificate enables clients to establish secure connections (HTTPS) to the services provided by the Management and Security Server. (Other certificates are managed differently.)

Running the HTTPS Certificate Utility

The HTTPS Certificate Utility can be run at any time to manage the servlet runner certificate. The utility requires that Management and Security Server was installed with an automated installer or multi-component manual installation file.

  1. Verify that you used the HTTP Server functionality that was provided during installation.

  2. Run the utility (HttpsCertificateUtility.exe or HttpsCertificateUtility).

    Windows systems:

    [MssServerInstall]\utilities\bin\HTTPSCertificateUtility.exe

    Linux or UNIX systems:

    [MssServerInstall]/utilities/bin/HTTPSCertificateUtility

  3. Follow the prompts in the utility, and select a certificate action:

    • generate a new key pair and self-signed certificate.

    • import a CA-signed certificate and private key.

    • copy the certificate and private key used by the Administrative Server.

NOTE:When needed, the HTTPS Certificate Utility can be run in console mode by using the -console application argument.

Alternative approaches

  • Instead of running the HTTPS Certificate Utility, you can run the Initial Configuration Utility to generate cryptographic keys and self-signed certificates for the provided servlet runner. Use of either utility will overwrite any existing keys.

  • You can configure Management and Security Server to use either a self-signed certificate, or a CA-signed SSL server certificate. For details regarding CA-signed certificates, see Technical Note 1702.

Requiring HTTPS in the Administrative Server

Once your server supports HTTPS, use the Administrative WebStation to restrict the Administrative Server to the HTTPS protocol.

  1. In the Administrative WebStation, click Security Setup > Security tab.

  2. In the Administrative server access protocol section, select the Require HTTPS - recommended check box.

  3. Click Save Settings.