Create a certificate signing request for Workflow Automation
You can create a certificate signing request (CSR) in Windows so that you can use the SSL certificate that is signed by a Certificate Authority (CA) instead of the default SSL certificate for Workflow Automation (WFA).
-
You must have Windows admin privileges on the WFA server.
-
You must have replaced the default SSL certificate that is provided by WFA.
The default WFA installation path is used in this procedure. If you have changed the default path during installation, then you must use the custom WFA installation path.
-
Log in as an admin user on the WFA host machine.
-
Open a command prompt on the WFA server, and then change directories to the following location:
WFA_install_location\WFA\jre\bin
-
Create a CSR:
keytool -certreq -keystore WFA_install_location\WFA\jboss\standalone\configuration\keystore\wfa.keystore -alias "ssl keystore" -file C:\file_name.csr
file_name is the name of the CSR file.
-
When prompted, provide the password (default or new).
changeit
is the default password. If you do not want to use the default password, you must change the password attribute of the SSL element in thestandalone-full.xml
file from theWFA_install_location\WFA\jboss\standalone\configuration\
location.Example
<ssl name="ssl" password="new_password" certificate-key-file="${jboss.server.config.dir}/keystore/wfa.keystore"
-
Send the
file_name.csr
file to the CA to obtain a signed certificate.See the CA web site for details.
-
Download a chain certificate from the CA, and then import the chain certificate to your keystore:
keytool -import -alias "ssl keystore CA certificate" -keystore "WFA_install_location\WFA\jboss\standalone\configuration\keystore\wfa.keystore" -trustcacerts -file C:\chain_cert.cer
C:\chain_cert.cer
is the chain certificate file that is received from the CA. The file must be in the X.509 format. -
Import the signed certificate that you received from the CA:
keytool -import -alias "ssl keystore" -keystore "WFA_install_location\WFA\jboss\standalone\configuration\keystore\wfa.keystore" -file C:\certificate.cer
C:\certificate.cer
is the chain certificate file that is received from the CA. -
Start the following WFA services:
-
NetApp WFA Database
-
NetApp WFA Server
-