3.7. What to do if your Certificates Expire

3.7. What to do if your Certificates Expire
Prev	Chapter 3. Building Jemboss	Next

There are two kinds of certificate that can run out:

The SSL certificate: This will eventually happen if you selected SSL encryption when running the install-jemboss-server.sh script.
The client jar file certificates: This will happen after the time limit you specified when running the makeJNLP.sh script.

If your SSL certificate runs out then you will need to create a new one using the keys.sh script provided in the utils directory. This will be /usr/local/emboss/share/EMBOSS/Jemboss/utils in the example above. If you are launching Jemboss using a web page then you must run makeJNLP.sh again as well. This is because the SSL certificate is bundled with the signed jar files.

If, however, only the jar file certificates have expired then you only need to run makeJNLP.sh again.

Whenever any of these certificates are replaced you should stop and restart the server using the tomstop and tomstart scripts.

Should you need to use keys.sh, here is a sample session:

%cd /usr/local/emboss/share/EMBOSS/Jemboss/utils
    %mkdir tmp
    %cd tmp
    %../keys.sh

Enter where to store the keys and certificates:
.

The '.' specifies the current directory.

Enter your surname:
Bleasby

Enter a password to use to create the keys with
(at least 6 characters):
helloworld

This should be the same password you used when running the install-jemboss-server.sh script. If you have forgotten what you used you can see it in the tomcat conf/server.xml file. Alternatively, use a new password and replace the one in the server.xml file.

Provide the validity period for these certificates, i.e. the
number of days before they expire and new ones need to be made [90]:
90

The meaning of the above is obvious. The script now has all it needs and prints the following text to the screen.

Certificate stored in file <./server.cer>
Certificate stored in file <./client.cer>
**********IMPORTING
Certificate was added to keystore
[Storing ./client.keystore]
**********IMPORTING
Certificate was added to keystore
[Storing ./server.keystore]

The following files will have been created.

% ls
client.cer  client.keystore  server.cer  server.keystore

These files should be copied to the Jemboss resources directory. For example given this would be done by typing:

% cp *.cer *.keystore /usr/local/emboss/share/EMBOSS/jemboss/resources

Prev	Up	Next
3.6. Starting and Stopping the Jemboss Server	Home	3.8. The `jemboss.properties` File