Use a custom SSL certificate

Instead of the default certificate, you can use a custom, encrypted SSL certificate to connect to DPA. To do so, complete the following tasks.

Generate the certificate

Generate the custom certificate you want to use. There are multiple ways to generate a certificate. The following is one example of a command:

keytool -genkeypair -alias sample_alias -keypass sample_password123 -keyalg RSA -keysize 2048 -keystore sample_keystore.p12 -validity 1825 -storepass sample_password123 -storetype pkcs12

Place the certificate on the DPA server

Copy the certificate file and place it on the DPA server. The recommended location is:

DPA_installation_directory/iwc/tomcat/ignite_config

Specify the certificate location and credentials

Use the Keystore Management page to specify the location of the custom certificate and the credentials that allow DPA to access it. The credentials are encrypted and securely stored.

A keystore is a secure storage mechanism used to manage encrypted certificates and their keys.

1. Log in to DPA as a user with administrative privileges.

2. From the DPA menu in the upper-right corner, click Options.

3. Under Administration > Configuration, click Keystore Management.

   The Keystore Management page opens.

4. In the Keystore File Path field, enter the location and the file name of the certificate file.

5. In the Keystore Password field, enter the password that allows DPA to access the keystore. This is the keypass and storepass specified when the certificate was generated.

6. In the Key Pair Alias field, enter the alias that was specified when the certificate was generated.

7. Click submit.

When the new keystore configuration is applied, all logged in users must refresh the browser tab in which DPA is running. Depending on the browser's cache and SSL settings, it might take two or three minutes for the browser to recognize the new certificate.