Running the HTTPS Certificate Utility

Use the HTTPS Certificate Utility to import a CA-signed certificate, create a new self-signed certificate, or copy the certificate used by the administrative server.

The HTTPS Certificate Utility requires that

  • the product was installed using either the automated installer or the multi-component manual installation image.

  • you use the HTTP Server functionality that is provided during installation.

The HTTPS Certificate Utility can be run at any time to manage the servlet runner certificate. Alternatively, you can also run the initial configuration utility to generate cryptographic keys and self-signed certificates for the provided servlet runner. Use of either utility will overwrite any existing keys.

You can configure Management and Security Server to use either a self-signed certificate, or a CA-signed SSL server certificate. For details regarding Tomcat and CA-signed certificates, see Technical Note 1702.

Run HttpsCertificateUtility.exe (Windows) or HttpsCertificateUtility (Linux and UNIX) from this location:

  • Windows: Start > All Programs > Micro Focus Host Access Management and Security Server > HTTPS Certificate Utility

  • Linux/UNIX: [MssServerInstall]/utilities/bin

Follow the prompts in the utility to generate a new key pair and self-signed certificate, to import a CA-signed certificate and private key, or to copy the certificate and private key used by the Administrative Server.

NOTE:When needed, the HTTPS Certificate Utility can be run in console mode by using the -console application argument.

Requiring HTTPS

Once your server supports HTTPS, use the Administrative WebStation to restrict the Administrative Server to the HTTPS protocol.

  1. Choose Security Setup on the navigation bar or home page.

  2. Choose the Security tab.

  3. In the Administrative server access protocol section, select the Require HTTPS - recommended check box.

  4. Click Save Settings.