Thanks for the responses. So, what are the keystores in the /data/security 
folder for? Are they keystores sent in response to incoming messages?

-Jennifer

From: larry mccay [mailto:[email protected]]
Sent: Thursday, March 23, 2017 5:45 PM
To: [email protected]
Subject: Re: How do I configure Knox to talk to a Web Service with a 
Self-Signed Certificate over Https?

+1 to Christopher's response.
Thanks!

On Thu, Mar 23, 2017 at 5:41 PM, Christopher Jackson <[email protected]> wrote:
Hi Jennifer,

You need to add your self-signed certificate to the Java keystore. It should be 
added to the keystore of the Java instance being used to run Knox. This task 
isn’t really specific to Knox but more so a common Java task.

You can look online at the documentation for Java keytool for specifics, but it 
would be something like this:

keytool -import -keystore $JAVA_HOME/jre/lib/security/cacerts -storepass changeme -alias <some-alias> -noprompt -file <some-cert>

Regards,
Christopher Jackson


On Mar 23, 2017, at 4:01 PM, Jennifer Coston <[email protected]> wrote:

Hello Again,

I am trying to determine how to configure Knox to talk to a web service with a 
self-signed keystore (we are still in the early days of development) over 
https. So in other words, I want my topology file to have this:

<service>
        <role>HELLOSERVICE</role>
        <url>https://server.running.service:8447/demo</url>
</service>

Instead of this:

<service>
        <role>HELLOSERVICE</role>
        <url>http://server.running.service:8088/demo</url>
</service>

Can you please point me to some directions about how to go about doing this? I’m 
thinking that I need to add the web service’s keystore to Knox’s keystores so 
that it knows who it is talking to, but I’m not sure if there is any additional 
configuration needed or how to go about adding a keystore to Knox. I’ve found 
some diagrams online indicating that this should be possible, but haven’t had 
any luck finding directions.

Thank you!

Jennifer
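
Added example, not part of the original thread: a shell wrapper around the keytool import described above that first checks the certificate's SHA-256 fingerprint against a value obtained out of band, because importing a self-signed certificate makes the JVM trust it outright. The function names, the throwaway demo certificate and the use of openssl for the fingerprint are assumptions of this example.

```shell
# Added example: verify a certificate's fingerprint before trusting it.

# Constructed demo input: a throwaway self-signed certificate in directory $1.
make_demo_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=server.running.service" \
        -keyout "$1/demo.key" -out "$1/demo.pem" 2>/dev/null
}

# Print the SHA-256 fingerprint of a PEM certificate (colon-separated hex).
cert_fingerprint() {
    openssl x509 -noout -fingerprint -sha256 -in "$1" | cut -d= -f2
}

# import_pinned_cert <cert.pem> <expected-fp> <keystore> <storepass> <alias>
# Returns 0 after a verified import, 1 on fingerprint mismatch,
# 2 if the certificate cannot be read or keytool fails.
import_pinned_cert() {
    ipc_actual=$(cert_fingerprint "$1" 2>/dev/null | tr 'a-f' 'A-F')
    ipc_expected=$(printf '%s' "$2" | tr 'a-f' 'A-F')
    [ -n "$ipc_actual" ] || return 2
    if [ "$ipc_actual" != "$ipc_expected" ]; then
        echo "fingerprint mismatch for $1: got $ipc_actual" >&2
        return 1          # nothing is written to the keystore
    fi
    keytool -importcert -keystore "$3" -storepass "$4" -alias "$5" \
        -noprompt -file "$1" >/dev/null 2>&1 || return 2
    # Confirm the alias is now present in the keystore.
    keytool -list -keystore "$3" -storepass "$4" -alias "$5" \
        >/dev/null 2>&1 || return 2
}
```

Passing -storepass on the command line exposes the password in the process list; omitting it makes keytool prompt for it instead.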

