You are here: Troubleshooting > ElectricFlow Server Certificate Fails Security Scan

ElectricFlow Server Certificate Fails Security Scan

Description:

You might need to replace the ElectricFlow server certificate if it fails the security scan. There are three relevant configuration entries in the server/conf/commander.properties file:

COMMANDER_HTTPS_PORT=8443
COMMANDER_KEYSTORE=file:conf/keystore
COMMANDER_KEYSTORE_PASSWORD=abcdef

Where:

Workaround:

Follow these steps to generate and inject a self-signed certificate for 1 year.

  1. Back up the keystore file.
  2. Delete the original key.
user@USER /cygdrive/c/ProgramData/Electric Cloud/ElectricCommander/conf
$ "c:/Program Files/Electric Cloud/ElectricCommander/jre/bin/keytool" -delete -alias jetty -keystore keystore -keypass passkey
Enter keystore password: abcdef
  1. Generate and inject a new certificate.
user@USER /cygdrive/c/ProgramData/Electric Cloud/ElectricCommander/conf
$ "c:/Program Files/Electric Cloud/ElectricCommander/jre/bin/keytool" -keystore keystore -alias jetty -genkey -keyalg RSA -sigalg MD5withRSA -validity 365
Enter keystore password: abcdef
What is your first and last name?
  [Unknown]:  localhost
What is the name of your organizational unit?
  [Unknown]: <Enter>
What is the name of your organization?
  [Unknown]: <Enter>
What is the name of your City or Locality?
  [Unknown]: <Enter>
What is the name of your State or Province?
  [Unknown]: <Enter>
What is the two-letter country code for this unit?
  [Unknown]: <Enter>
Is CN=localhost, OU=Unknown, O=Unknown, L=Unknown, ST=Unknown, C=Unknown correct?
  [no]:  yes
Enter key password for <jetty>
  (RETURN if same as keystore password): <Enter>
  1. Restart the server.

Your new certificate will look similar to this:

user@USER /cygdrive/c/ProgramData/Electric Cloud/ElectricCommander/conf
$ "c:/Program Files/Electric Cloud/ElectricCommander/jre/bin/keytool" -list -v -keystore keystore_orig -keypass passkey
Enter keystore password: abcdef
Keystore type: JKS
Keystore provider: SUN
Your keystore contains 1 entry
Alias name: jetty
Creation date: Jan 31, 2012
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=localhost, OU=Unknown, O=Unknown, L=Unknown, ST=Unknown, C=Unknown
Issuer: CN=localhost, OU=Unknown, O=Unknown, L=Unknown, ST=Unknown, C=Unknown
Serial number: 4f28603f
Valid from: Tue Jan 31 13:42:23 PST 2012 until: Wed Jan 30 13:42:23 PST 2013
Certificate fingerprints:
MD5:  38:50:CD:29:8C:16:3A:78:29:0F:45:56:E0:CA:42:D9
SHA1: 9B:A3:E4:EA:A7:C0:3A:ED:BF:63:24:18:F0:08:78:22:59:85:BC:8A
Signature algorithm name: MD5withRSA
Version: 3
*******************************************
*******************************************
Previous TopicNext Topic