{"id":668,"date":"2020-07-17T10:38:07","date_gmt":"2020-07-17T08:38:07","guid":{"rendered":"https:\/\/test-downloads.geniusbytes.com\/?post_type=docs&#038;p=668"},"modified":"2024-05-06T12:39:32","modified_gmt":"2024-05-06T10:39:32","password":"","slug":"how-can-i-manage-ssl-tls-certificates-in-genius-server","status":"publish","type":"docs","link":"https:\/\/tic.geniusbytes.com\/en\/docs\/how-can-i-manage-ssl-tls-certificates-in-genius-server\/","title":{"rendered":"Manage SSL\/TLS certificates?"},"content":{"rendered":"<p>We have created a new White Paper on this topic. This report may contain older information.<\/p>\n\n\n\n<div class=\"wp-block-wpfd-wpfd-file\"><\/div>\n\n\n\n<h2 class=\"wp-block-heading\">Requirements<\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li>current Genius Server installed on vm<\/li>\n\n\n\n<li>administrative permission in environment<br>(some tasks may require help of domain administrators)<\/li>\n\n\n\n<li>keyStore Explorer<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">Objective<\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li>configure Genius Server to use SSL \/ TLS when establishing a connection as client (e.g. LDAPS)<\/li>\n\n\n\n<li>configure Genius Server to be able to accept SSL \/ TLS connections (e.g. 
HTTPS)<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">Solution<\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Receive or export a CA certificate<\/li>\n\n\n\n<li>Create a trustStore<\/li>\n\n\n\n<li>Receive or create a server certificate<\/li>\n\n\n\n<li>Create a keyStore<\/li>\n\n\n\n<li>configure and test keyStore and trustStore in Genius Server<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">Example<\/h2>\n\n\n\n<p>(if you are not allowed to install KeyStore Explorer, you can perform all steps with <a rel=\"noreferrer noopener\" href=\"https:\/\/docs.oracle.com\/javase\/8\/docs\/technotes\/tools\/unix\/keytool.html\" target=\"_blank\">java keytool<\/a>, located in: c:\\Program Files\\Genius CDDS Server\\jdk\\bin\\keytool.exe)<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Export a CA certificate<\/h3>\n\n\n\n<p>if the CA certificate is already available you can skip this section<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>start KeyStore Explorer<\/li>\n\n\n\n<li>File, New, KeyStore Type: JKS<\/li>\n\n\n\n<li>Tools, Import Key Pair, PKCS #12 (if you exported in a different format, select this format now)<\/li>\n\n\n\n<li>Select the certificate file and enter the password<\/li>\n\n\n\n<li>Choose a friendly name (alias) for the certificate, e.g. the hostname<\/li>\n\n\n\n<li>A password prompt will appear; this password will secure the certificate inside the keyStore. 
It has to be identical to the keyStore password<\/li>\n\n\n\n<li>Save the keyStore using the same password<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Press START and enter mmc<\/li>\n\n\n\n<li>File, Add\/Remove Snap-in<\/li>\n\n\n\n<li>select the Certificates Snap-in and press add, choose computer account<\/li>\n\n\n\n<li>select &#8220;another computer&#8221; and enter the LDAP server<\/li>\n\n\n\n<li>if your account does not have sufficient permissions this step will fail and you have to contact a system administrator<\/li>\n\n\n\n<li>access the folder Trusted Root Certification Authorities<\/li>\n\n\n\n<li>select the CA certificate, right click and choose All Tasks, Export<\/li>\n\n\n\n<li>use the wizard's default settings to export the certificate, do not choose to export the private key<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Create a trustStore<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>install and start KeyStore Explorer<\/li>\n\n\n\n<li>File, New, KeyStore Type: JKS<\/li>\n\n\n\n<li>Tools, Import Trusted Certificate<\/li>\n\n\n\n<li>Import the CA certificate from the previous step<\/li>\n\n\n\n<li>save the keyStore file, choose a password and use a file name which indicates that this is a trustStore, e.g. trustStore.jks<br><\/li>\n\n\n\n<li>If the server you would like to connect to is signed by a so-called intermediate certificate, importing this intermediate certificate is not enough. You will need the full chain of certificates.<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">create a server certificate<\/h2>\n\n\n\n<p>the goal of this section is to create a server certificate with an exportable private key. 
If the server certificate is already available you can skip this step<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Press START and enter cmd, right-click and run as a user who is allowed to manage certificates (most likely domain administrator)<\/li>\n\n\n\n<li>start mmc from this command prompt<\/li>\n\n\n\n<li>add the certificate snap-in for Computer account<\/li>\n\n\n\n<li>choose Local computer and confirm<\/li>\n\n\n\n<li>access personal\\certificates<\/li>\n\n\n\n<li>right click, All Tasks, Request New Certificate<\/li>\n\n\n\n<li>follow the wizard to the Request Certificates screen<br>Select the computer and expand the details view, click properties<br><\/li>\n\n\n\n<li>in the Subject tab enter the certificate details such as common name (FQDN) and Alternative Names (e.g. DNS Short Names)<\/li>\n\n\n\n<li>in the Private Key tab, Key options, check make private key exportable<br>this step is important because later the key will be exported and imported into a java keyStore to be accessible by GeniusMFP<\/li>\n\n\n\n<li>To finish, click Enroll<\/li>\n\n\n\n<li>The Status should show &#8220;Succeeded&#8221; and you can press finish<\/li>\n\n\n\n<li>The new server certificate (a key pair of public and private key) should now be displayed in the personal\\certificates folder<\/li>\n\n\n\n<li>Right click the certificate, choose All Tasks, Export<\/li>\n\n\n\n<li>Follow the wizard and select &#8220;Yes, export the private key&#8221;<\/li>\n\n\n\n<li>Save the certificate using a password. This password has to be identical to the password used in the next section to secure the keyStore.<br>Or in other words: Key (certificate) and keyStore have to use the same password<\/li>\n\n\n\n<li>Complete the wizard with default options<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">keyStore<\/h3>\n\n\n\n<h3 class=\"wp-block-heading\">configure Genius Server<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>copy keyStore.jks and trustStore.jks to the Genius Server configuration folder, e.g. 
C:\\Program Files\\Genius CDDS Server\\conf\\cdds<\/li>\n\n\n\n<li>right click Genius CDDS Server Tools and run it as administrator<\/li>\n\n\n\n<li>Access configuration and switch to advanced mode<\/li>\n\n\n\n<li>Access Certificate section<\/li>\n\n\n\n<li>configure keyStore path and password<\/li>\n\n\n\n<li>configure trustStore path and password<\/li>\n\n\n\n<li>set KeyStore cert Alias to the Entry Name (Alias) of the server certificate, e.g. gbd-wv-pho2t41.geniusbytesgmbh.local<\/li>\n\n\n\n<li>Perform Read Keystore  and Read Truststore tests from Tests menu<\/li>\n\n\n\n<li>if both tests are successful, save the configuration and restart the configuration tool (this will read key and truststore)<br><br><\/li>\n\n\n\n<li>The Genius Server will require a service restart to read keyStore and trustStore<\/li>\n<\/ul>","protected":false},"excerpt":{"rendered":"<p>We have created a new White Paper on this topic. This report may contain older information. Requirements Objective Solution Example (if you are not allowed to install KeyStore Explorer, you can perform all steps with java keytool, located in:c:\\Program Files\\Genius CDDS Server\\jdk\\bin\\keytool.exe) Export a CA certificate if the CA certificate is already available you can 
[&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"closed","template":"","meta":{"site-sidebar-layout":"default","site-content-layout":"","ast-site-content-layout":"default","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","ast-disable-related-posts":"","theme-transparent-header-meta":"","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"default","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center 
center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"footnotes":""},"doc_category":[32],"doc_tag":[41,42,43,44,45],"class_list":["post-668","docs","type-docs","status-publish","hentry","doc_category-genius-server","doc_tag-certificate","doc_tag-keystore","doc_tag-ssl","doc_tag-tls","doc_tag-truststore"],"year_month":"2026-05","word_count":750,"total_views":"5704","reactions":{"happy":"0","normal":"0","sad":"0"},"author_info":{"name":"Bernd C.","author_nicename":"bernd","author_url":"https:\/\/tic.geniusbytes.com\/en\/author\/bernd\/"},"doc_category_info":[{"term_name":"Genius 
Server","term_url":"https:\/\/tic.geniusbytes.com\/en\/docs-category\/genius-server\/"}],"doc_tag_info":[{"term_name":"Certificate","term_url":"https:\/\/tic.geniusbytes.com\/en\/docs-tag\/certificate\/"},{"term_name":"keystore","term_url":"https:\/\/tic.geniusbytes.com\/en\/docs-tag\/keystore\/"},{"term_name":"SSL","term_url":"https:\/\/tic.geniusbytes.com\/en\/docs-tag\/ssl\/"},{"term_name":"TLS","term_url":"https:\/\/tic.geniusbytes.com\/en\/docs-tag\/tls\/"},{"term_name":"truststore","term_url":"https:\/\/tic.geniusbytes.com\/en\/docs-tag\/truststore\/"}],"knowledge_base_info":[],"knowledge_base_slug":[],"_links":{"self":[{"href":"https:\/\/tic.geniusbytes.com\/en\/wp-json\/wp\/v2\/docs\/668","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/tic.geniusbytes.com\/en\/wp-json\/wp\/v2\/docs"}],"about":[{"href":"https:\/\/tic.geniusbytes.com\/en\/wp-json\/wp\/v2\/types\/docs"}],"author":[{"embeddable":true,"href":"https:\/\/tic.geniusbytes.com\/en\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/tic.geniusbytes.com\/en\/wp-json\/wp\/v2\/comments?post=668"}],"version-history":[{"count":11,"href":"https:\/\/tic.geniusbytes.com\/en\/wp-json\/wp\/v2\/docs\/668\/revisions"}],"predecessor-version":[{"id":6136,"href":"https:\/\/tic.geniusbytes.com\/en\/wp-json\/wp\/v2\/docs\/668\/revisions\/6136"}],"wp:attachment":[{"href":"https:\/\/tic.geniusbytes.com\/en\/wp-json\/wp\/v2\/media?parent=668"}],"wp:term":[{"taxonomy":"doc_category","embeddable":true,"href":"https:\/\/tic.geniusbytes.com\/en\/wp-json\/wp\/v2\/doc_category?post=668"},{"taxonomy":"doc_tag","embeddable":true,"href":"https:\/\/tic.geniusbytes.com\/en\/wp-json\/wp\/v2\/doc_tag?post=668"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}