This section of the users guide should provide you with the details of the identity keystore and credential stores: http://knox.apache.org/books/knox-0-12-0/user-guide.html#Management+of+Security+Artifacts
On Fri, Mar 24, 2017 at 8:43 AM, Jennifer Coston < [email protected]> wrote: > Thanks for the responses. So, what are the keystores in the /data/security > folder for? Are they keystores sent in response to incoming messages? > > > > -Jennifer > > > > *From:* larry mccay [mailto:[email protected]] > *Sent:* Thursday, March 23, 2017 5:45 PM > *To:* [email protected] > *Subject:* Re: How do I configure Knox to talk to a Web Service with a > Self-Signed Certificate over Https? > > > > +1 to Christopher's response. > > Thanks! > > > > On Thu, Mar 23, 2017 at 5:41 PM, Christopher Jackson < > [email protected]> wrote: > > Hi Jennifer, > > > > You need to add your self-signed certificate to the java keystore. It > should be added to the keystore of the java instance being used to run > Knox. This task isn’t really specific to knox but more so a common java > task. > > > > You can look online at the documentation for java keytool for specifics > but it would be something like this: > > > > keytool -import -keystore $JAVA_HOME/jre/lib/security/cacerts -storepass > changeme -alias <some-alias> -noprompt -file <some-cert> > > > > Regards, > > Christopher Jackson > > > > > > On Mar 23, 2017, at 4:01 PM, Jennifer Coston <[email protected]> > wrote: > > > > Hello Again, > > > > I am trying to determine how to configure Knox to talk to a web service > with a self-signed keystore (we are still in the early days of development) > over https. So in other words, I want my topology file to have this: > > > > <service> > > <role>HELLOSERVICE</role> > > <url>https://server.running.service:8447/demo</url> > > </service> > > > > Instead of this: > > > > <service> > > <role>HELLOSERVICE</role> > > <url>http:// server.running.service:8088/demo</url> > > </service> > > > > Can you please point me to some directions about how to go about doing > this? I thinking that I need to add the web service’s keystore to Knox’s > keystores so that it knows who it is talking to, but I’m not sure if there > is any additional configuration needed or how to go about adding a keystore > to Knox. I’ve found some diagrams online indicating that this should be > possible, but haven’t had any luck finding directions. > > > > Thank you! > > > > *Jennifer* > > > > >
