The DE Web Client is Apache-Tomcat application. You will use the keytool utility to generate the certificate.
./keytool -genkey -alias alias_name -keyalg RSA -keystore your_keystore -keysize 2048
Note: Change the alias_name to your hostname or something unique. Aliases within the keystore must be unique.
Answer all the questions that follow the keytool command.
You will be prompted to enter keystore password. Be sure to remember or make a note of it. If you forget the password, you will not be able to access the keystore.
Next generate the Customer Signing Request (CSR).
keytool -certreq -alias alias_name -file request.csr -keystore your_keystore
This will generate the CSR. Submit the CSR to CA (Certificate Authority) for signing. The CA will sign the certificate and may provide root, intermediate and public certificate. They may also provide instructions on how to import them.
keytool -import -trustcacerts -alias root -file ca_root.crt -keystore your_keystore
keytool -import -trustcacerts -alias intermediate -file ca_Intermediate.crt -keystore your_keystore
keytool -import -trustcacerts -alias alias_name -file domain.com.crt -keystore your_keystore
Add the CA Signed certificate to Apache-Tomcat (Web UI)
Navigate to install directory and then to apache-tomcat/conf
Edit the file “server.xml”, and find the code.
<Connector port="8443" protocol="HTTP/1.1"
Under the connector port section, look for:
Change the keyAlias name to what was used when generating the certificate. The alias name must match.
The path to keystore file must be correct. Provide the same password that was used when the keystore was created. Usual default password is 'changeit'.
Save the ‘server.xml’, and then restart the DE Web UI.
In your browser visit
If successful, the browser address bar will display a safety lock sign.