CSRCurrent en:SSL Certificate Installation

Aus Cryptshare Documentation
Wechseln zu:Navigation, Suche



SSL Certificate Installation

If the Cryptshare Server uses a self-signed certificate or a certificate that is signed by a certificate authority which is not automatically trusted by the Robot's Java Runtime, you will not be able to establish a secure connection to the Cryptshare Server, and so the Cryptshare Robot will not be able to function properly. If you receive SSL Connection errors when trying to run the Robot application, you can add the Crypthare Server Certificate as a trusted certificate to your Java Keystore with the free Keystore Explorer Tool as described below.

Keystore Explorer

The free Keystore Explorer can be downloaded at the following URL: https://keystore-explorer.org/downloads.html The tool can be used for all management operations for a Java SSL certificate. This applies to certificates on Windows systems as well as on Linux systems.

  • Start Keystore Explorer with administrative permissions:
    • Click on 'Start'
    • Find the shortcut 'Keystore Explorer x.x.x'
    • Right click on this entry
    • Select 'Start as administrator' in the menu
AWTError
If you receive this error...
Awt-error.png

...please open the directory C:\Users\<Your username> and the file .accessibility.properties and add a # character in front of the following lines:

assistive_technologies=com.sun.java.accessibility.AccessBridge

screen_magnifier_present=true

and save this file.

Get the Cryptshare Server Certificate File

If you do not have the Cryptshare Server certificate file available, you can export it from the Cryptshare Server's key store using the Keystore Explorer. If you already have the "*.cer" certificate file ready, you can skip this section and continue on to the next section Install the Cryptshare Server Certificate in the Client's Java Runtime. If you have a GUI available on the Cryptshare Server machine, you can run the Keystore Explorer application directly on the server machine, otherwise simply copy the keystore file from the Cryptshare Server to your working computer, so you can open the file with the Keystore Explorer. The Cryptshare Server keystore file is located at path-to-server-installation-directory/lib/security/keystore. On the Keystore Explorer Start Screen, select "Open an existing KeyStore" and select the Cryptshare Server keystore file from the file selector popup window.

58295846.png

The Keystore Explorer then prompts you for a password to access the keystore file. The default password for the keystore of a new Cryptshare Server Installation is 'CA0AZhuFM4NogQh'. However, your server administrator may have changed the password. See Web Server Configuration - SSLConfiguration. Once the keystore file is open in the Keystore Explorer, you can see the Cryptshare Server certificate in the list. Right-click on the entry and choose "Export->Export Certificate Chain" from the popup menu:

58295838.png

This will open the export settings dialog. You can leave the standard settings unchanged, and just choose a file name and location under which to save your exported certificate file. Then click "Export".

58295839.png

The exported server certificate file can now be imported to the client's Java Runtime Certificate Store, as described in the next section.

Install the Cryptshare Server Certificate in the Client's Java Runtime

You can now use the Keystore Explorer to install your Cryptshare Server Certificate to the Java Runtime's Keystore. Make sure you start the Keystore Explorer with administrative permissions, so that you have write access to the Java Keystore, or you will not be able to save any changes. On the Start Screen of the Keystore Explorer, click on the option "Open the CA Certificates KeyStore", which will automatically open your Java Runtime's certificate key store file, which is located at path-to-jre/lib/security/cacerts.

58295837.png

To install your Cryptshare Server certificate file, select "Import Trusted Certificate" from the "Tools" menu, and then select your Cryptshare Server's certificate file from the file selector popup window.

58295840.png

The Keystore Explorer then prompts you to enter an Alias for the certificate file. This will be the name under which the certificate will be stored in the certificate store. Enter a name and click OK.

58295841.png

The Cryptshare server certificate will now be available in the Java Runtime's Certificate Store:

58295842.png

Don't forget to save the certificate store. When the Robot is now started, it will be able to create a secure SSL connection to the Cryptshare Server, since the Java Runtime now knows and trusts the Cryptshare Server certificate.