OnCommand Workflow Automation 5.0

Create a certificate signing request for Workflow Automation


You can create a certificate signing request (CSR) in Windows so that you can use the SSL certificate that is signed by a Certificate Authority (CA) instead of the default SSL certificate for Workflow Automation (WFA).

What you’ll need
  • You must have Windows admin privileges on the WFA server.

  • You must have replaced the default SSL certificate that is provided by WFA.

About this task

The default WFA installation path is used in this procedure. If you have changed the default path during installation, then you must use the custom WFA installation path.

  1. Log in as an admin user on the WFA host machine.

  2. Open a command prompt on the WFA server, and then change directories to the following location: WFA_install_location\WFA\jre\bin

  3. Create a CSR:

    keytool -certreq -keystore WFA_install_location\WFA\jboss\standalone\configuration\keystore\wfa.keystore -alias "ssl keystore" -file C:\file_name.csr

    file_name is the name of the CSR file.

  4. When prompted, provide the password (default or new).

    changeit is the default password. If you do not want to use the default password, you must change the password attribute of the SSL element in the standalone-full.xml file from the WFA_install_location\WFA\jboss\standalone\configuration\ location.


    <ssl name="ssl" password="new_password" certificate-key-file="${jboss.server.config.dir}/keystore/wfa.keystore"
  5. Send the file_name.csr file to the CA to obtain a signed certificate.

    See the CA web site for details.

  6. Download a chain certificate from the CA, and then import the chain certificate to your keystore:

    keytool -import -alias "ssl keystore CA certificate" -keystore "WFA_install_location\WFA\jboss\standalone\configuration\keystore\wfa.keystore" -trustcacerts -file C:\chain_cert.cer

    C:\chain_cert.cer is the chain certificate file that is received from the CA. The file must be in the X.509 format.

  7. Import the signed certificate that you received from the CA: keytool -import -alias "ssl keystore" -keystore "WFA_install_location\WFA\jboss\standalone\configuration\keystore\wfa.keystore" -file C:\certificate.cer

    C:\certificate.cer is the chain certificate file that is received from the CA.

  8. Start the following WFA services:

    • NetApp WFA Database

    • NetApp WFA Server