The keystore that will be used is a PKCS12 keystore and has already been created with all necessary CAs imported into the keystore.
The keystore and private key need to use the same password.
A copy of the root CA public cert stored in a file on disk.
KeyStore Explorer 5.4.3 or later - https://keystore-explorer.org/downloads.html
OpenJDK 14 or later - https://jdk.java.net/14/
It is best to install KeyStore Explorer and modify the keystore on the workstation or server where you plan to run Verastream Host Integrator (VHI). If that is not possible KeyStore Explorer can be installed on another workstation and the keystore can be copied to the VHI server.
Modifying the VHI Session Server to use a custom configuration:
1. Stop the VHI Session Server.
2. Install KeyStore Explorer 5.4.3 or later.
3. Extract the JDK 14 to a directory.
4. Create a directory called ājreā.
5. Copy the contents (bin, conf, include, jmods, legal, and lib) of the extracted JDK to the ājreā directory.
6. Copy the ājreā directory to the root directory of KeyStore Explorer.
7. Create a working directory on your machine to modify the keystore.
8. Copy the keystore into the working directory.
9. Make a backup of the file so you can easily revert back to the default file if necessary.
10. Run KeyStore Explorer.
11. Open the PKCS12 keystore.
12. Enter the keystore password and select āOKā.
13. Select āTools/Change KeyStore Type/BCFKSā.
14. Enter the keystore password and select āOKā.
15. Select āFile/Save Asā.
16. Enter the keystore filename you would like to use (e.g. vhiss.bcfks), but use an extension of .bcfks. Do not the keystore with the filename of āsever.bcfksā.
17. Select āsaveā to save the file.
18. You are now working in the file with extension of .bcfks.
19. Right click on the keystore entry and select āRenameā.
20. Enter the name āserver-containerā and select āOKā.
21. Save the keystore.
22. Right click again on the keystore entry, now called āserver-containerā and select āCopyā.
23. Select āEdit/Pasteā from the toolbar. A duplicate entry should be created with the name āserver-container (1)ā.
24. Right click on the entry āserver-container (1)ā and select āRenameā.
25. Enter a name of āexistingaliasnameā and select āOKā.
26. Select āTools/Import Trusted Certificateā.
27. Browse to the location where the root CA certificate file is stored and select the certificate and then āOpenā.
28. Enter the alias of ātrust-anchorā on the next screen and then click āOKā and āOKā again to dismiss the successful import dialog.
29. Your keystore should now look like this:
30. Save the keystore.
31. Copy the new keystore to the %VHI_HOME%/HostIntegrator/sesssrvr/etc directory).
32. Change directory to the %VHI_HOME/HostIntegrator/sesssrvr/services/ws/META-INF directory.
33. Backup the file āservice-ctx.xmlā by copying it to another directory.
34. Edit the āservice-ctx.xmlā in the āMETA-INFā directory.
35. Find the following entry (should be line 47 and 48):<!-- HTTPS context factory bean instance. -->
<property name="SSLContextFactory" ref="httpsContextFactory"/>
36. Replace those two lines with the following 13 lines (update pathing as necessary):<!-- HTTPS context factory bean instance. -->
<bean class="com.attachmate.integration.container.ssl.SSLContextFactorySC" init-method="initialize">
<bean class="com.attachmate.integration.container.ssl.KeyManagerFactorySC" init-method="initialize">
<property name="keystoreName"value="C:/Program Files/Micro Focus/Verastream/HostIntegrator/sesssrvr/etc/servlet.bcfks"/>
<property name="keystorePassword" value="YourPasswordGoesHere"/>
<property name="keyStoreType" value="BCFKS"/>
<property name="keyAlias" value="existingaliasname"/>
37. Save the file.
38. Start the VHI Session Server and test to your application.