Skip to main content
OnCommand Workflow Automation 5.1

Create a certificate signing request for Workflow Automation

Contributors netapp-aoife
PDFs

You can create a certificate signing request (CSR) in Windows so that you can use the SSL certificate that is signed by a Certificate Authority (CA) instead of the default SSL certificate for Workflow Automation (WFA).

  • You must have Windows admin privileges on the WFA server.

  • You must have replaced the default SSL certificate that is provided by WFA.

The default WFA installation path is used in this procedure. If you have changed the default path during installation, then you must use the custom WFA installation path.

Steps

  1. Log in as an admin user on the WFA host machine.

  2. Open a command prompt on the WFA server, and then change directories to the following location:
    <OpenJDK_install_location>\bin

  3. Create a CSR:

    keytool -certreq -keystore WFA_install_location\WFA\jboss\standalone\configuration\keystore\wfa.keystore -alias "ssl keystore" -file C:\file_name.csr

    file_name is the name of the CSR file.

  4. When prompted, provide the password (default or new).

    The default password is a randomly generated encrypted password.

    To obtain and decrypt the default password, follow the steps in the Knowledge Base article How to renew the self-signed certificate on WFA 5.1.1.0.4

    To use a new password, follow the steps in the Knowledge Base article How to update a new password for the keystore in WFA.

  5. Send the file_name.csr file to the CA to obtain a signed certificate.

    See the CA web site for details.

  6. Download a chain certificate from the CA, and then import the chain certificate to your keystore: keytool -import -alias "ssl keystore CA certificate" -keystore "WFA_install_location\WFA\jboss\standalone\configuration\keystore\wfa.keystore" -trustcacerts -file C:\chain_cert.cer

    C:\chain_cert.cer is the chain certificate file that is received from the CA. The file must be in the X.509 format.

  7. Import the signed certificate that you received from the CA:

    keytool -import -alias "ssl keystore" -keystore "WFA_install_location\WFA\jboss\standalone\configuration\keystore\wfa.keystore" -file C:\certificate.cer

    C:\certificate.cer is the chain certificate file that is received from the CA.

  8. Start the following WFA services:

    • NetApp WFA Database

    • NetApp WFA Server