Importing a certificate for publishing over HTTPS

To perform HTTPS uploads (necessary for HTTPS transport) the Transport Service requires access to a certificate that allows it access to the destination, otherwise transport will fail. To perform import of a certificate, use the command-line tool keytool or the GUI-based Policy Tool. You can import into a default keystore or create your own keystore.

Before you begin

Familiarize yourself with the import tool you will be using. Both keytool and Policy Tool are included in the Java Development Kit. The following Web resources explain how to use these tools:

Procedure

  1. Your Java Runtime Environment (JRE) ships with a default password-protected keystore known as the CACERTS keystore. By default, the password for this keystore is changeit. To import your certificate into this keystore, execute the following command from the command prompt:
    keytool -import -file mycertificate.cer -keystore c:\path\to\jre\lib\security\CACERTS

    where mycertificate.cer is your certificate file, and c:\path\to\ is the path to your JRE.

  2. Alternatively, if you want to import your certificate into your own custom keystore instead, create the keystore and import the certificate with the following command:
    keytool -import -file mycertificate.cer -keystore c:\mydir\myks.keystore

    where mycertificate.cer is your certificate file, and c:\mydir\myks.keystore is the full path and filename to the keystore file you want to create. Keytool prompts you for a password to secure this new keystore with.

  3. Regardless of the keystore into which you imported your certificate, after importing, configure your keystore in the Transport Service configuration file, cd_transport_conf.xml, by inserting a KeyStore element inside the Sender element with its Type attribute set to HTTPS, as follows:
    <Sender Type="HTTPS" Class="com.tridion.transport.connection.connectors.HTTPSTransportConnector">
    	<KeyStore Path="c:\mydir\myks.keystore" Secret="mypassword" />
    </Sender>

    where c:\mydir\myks.keystore is the full path and filename to the keystore file into which you imported the certificate, and mypassword is the password of the keystore.