To perform HTTPS uploads (necessary for HTTPS transport), the Transport Service requires access to a certificate that allows it access to the destination; otherwise transport will fail. To import a certificate, use the command-line tool keytool or the GUI-based Policy Tool. You can import into a default keystore or create your own keystore.
Before you begin
Familiarize yourself with the import tool you will be using. Both keytool and Policy Tool are included in the Java Development Kit. The following Web resources explain how to use these tools:
Procedure
- Your Java Runtime Environment (JRE) ships with a default password-protected keystore known as the CACERTS keystore. By default, the password for this keystore is changeit. To import your certificate into this keystore, execute the following command from the command prompt:
keytool -import -file mycertificate.cer -keystore c:\path\to\jre\lib\security\CACERTS
where mycertificate.cer is your certificate file, and c:\path\to\ is the path to your JRE.
- Alternatively, if you want to import your certificate into your own custom keystore instead, create the keystore and import the certificate with the following command:
keytool -import -file mycertificate.cer -keystore c:\mydir\myks.keystore
where mycertificate.cer is your certificate file, and c:\mydir\myks.keystore is the full path and filename to the keystore file you want to create. Keytool prompts you for a password to secure this new keystore with.
- Regardless of the keystore into which you imported your certificate, after importing, configure your keystore in the Transport Service configuration file, cd_transport_conf.xml, by inserting a KeyStore element inside one of the following Sender elements:
  - If you use the new publishing framework introduced in SDL Web 8, insert your KeyStore element inside the Sender element with its Type set to DiscoveryService, that is, <Sender Type="DiscoveryService" Class="com.tridion.transport.connection.connectors.DiscoveryServiceTransportConnector">.
  - If you use the old publishing framework that was deprecated in SDL Web 8, insert your KeyStore element inside the Sender element with its Type set to HTTPS, that is, <Sender Type="HTTPS" Class="com.tridion.transport.connection.connectors.HTTPSTransportConnector">.
Regardless of which Sender element you modify, add the following KeyStore element:
<KeyStore Path="c:\mydir\myks.keystore" Secret="mypassword" />
where c:\mydir\myks.keystore is the full path and filename to the keystore file into which you imported the certificate, and mypassword is the password of the keystore.
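One way to check the configuration step above before restarting the Transport Service, as an added example that is not part of the original documentation or the product. The function name check_keystore_config and the Configuration and Senders wrapper elements in the sample are assumptions; the Sender and KeyStore lines follow this page.

```python
import os
import xml.etree.ElementTree as ET

SENDER_TYPES = {"DiscoveryService", "HTTPS"}  # Sender types named on this page
DEFAULT_PASSWORD = "changeit"                 # default CACERTS keystore password


def check_keystore_config(xml_text, file_exists=os.path.isfile):
    """Return findings about KeyStore elements in cd_transport_conf.xml content."""
    root = ET.fromstring(xml_text)
    # ElementTree keeps no parent links, so build a child -> parent map first.
    parent_of = {child: parent for parent in root.iter() for child in parent}
    findings, valid = [], 0
    for ks in root.iter("KeyStore"):
        parent = parent_of.get(ks)
        if (parent is None or parent.tag != "Sender"
                or parent.get("Type") not in SENDER_TYPES):
            findings.append("KeyStore is not inside a DiscoveryService or HTTPS Sender")
            continue
        valid += 1
        path, secret = ks.get("Path"), ks.get("Secret")
        if not path:
            findings.append("KeyStore has no Path attribute")
        elif not file_exists(path):
            findings.append(f"keystore file not found: {path}")
        if not secret:
            findings.append("KeyStore has no Secret attribute")
        elif secret == DEFAULT_PASSWORD:
            findings.append(f"keystore {path} still uses the default password")
    if valid == 0:
        findings.append("no KeyStore configured for HTTPS transport")
    return findings


# Constructed sample: the Configuration and Senders wrappers are assumptions.
SAMPLE = r"""<Configuration>
  <Senders>
    <Sender Type="DiscoveryService" Class="com.tridion.transport.connection.connectors.DiscoveryServiceTransportConnector">
      <KeyStore Path="c:\mydir\myks.keystore" Secret="changeit" />
    </Sender>
  </Senders>
</Configuration>"""

if __name__ == "__main__":
    for finding in check_keystore_config(SAMPLE):
        print(finding)
```

Pass the content of your own cd_transport_conf.xml to check_keystore_config; an empty list means every KeyStore element sits in a supported Sender, points at an existing file, and has a non-default Secret.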