/
Connecting to SSL services

Connecting to SSL services

Feb 04, 2019

 

Obtaining a server's public certificate

To obtain the certificate used by a SSL protected service:

  1. Download and start the Portacle application to manage Java key-stores and certificates.  Since this is a third-party tool, we can't provide any support for it. Furthermore you need to have a Java 7 Runtime Environment installed to run the portacle.jar file.

  2. Click on Examine and then on Examine SSL/TLS Connection.

  3. Enter the hostname and port of the SSL protected service you want to connect to.

  4. The application will now show further information about the certificate used by the service. Click on PEM Encoding to show the certificate itself.

  5. Click on Save to save the certificate to a temporary location. Make sure you replace .pem with .cer as the extension to save.

Now you have a copy of the server's public certificate. Next we need to import that certificate to the cacerts key-store file.

Importing a server's public certificate to the Java keystore

Since we always include the latest Java Runtime Environment (JRE) in our server and client releases, you need to open the cacerts file coming with the JRE and import the certificate obtained before to that keystore file.

The steps below have to be repeated after every update of PowerFolder Server, because a PowerFolder Server update will also update/replace the Java Runtime Environment with the latest version available at the time of the release!

Location of the cacerts file

  • On Windows operating systems: %PROGRAMFILES%\PowerFolder.com\PowerFolder-Server\jre\lib\security

  • On Linux operating systems: $SERVER_INSTALL/jre32/lib/security or $POWERFOLDER_INSTALL/jre64/lib/security (replace $SERVER_INSTALL with the path to the PowerFolder Server installation directory)

Password of the cacerts file

By default the cacerts file is protected with the password "changeit" (without the quotation marks).

Importing a certificate to the cacerts files

To import the certificate to the cacerts key-store file:

  1. Download and start the Portacle application to manage Java key-stores and certificates.  Since this is a third-party tool, we can't provide any support for it. Furthermore you need to have a Java 7 Runtime Environment installed to run the portacle.jar file.

  2. Click on File and then Open Keystore File.

  3. Click on Tools and then Import Trusted Certificate.

  4. Select the certificate exported above and confirm that you trust it. Enter an alias for it which fits the purpose (e.g. powerfoldermail or powerfolderldap).
     There may be an error message telling you that the trust path could not be established. Ignore it and click on OK.

  5. Click on File and then Save to save the changes to your cacerts file.

  6. Replace the cacerts file delivered with the Java Runtime Environment with the one just modified.

  7. Restart PowerFolder Server.

  8. Test the connection to the SSL service.