At the time of this writing, the IBM Smart Business Server’s control panel doesn’t allow importing a secure certificate (SSL cert). Never-the-less it is possible to install a valid (CA signed) secure certificate from the command line. This article assumes that the reader is familiar with SSL and the basic SSL KEY, CSR, and CRT generation step. We are therefore picking up at the point where you have an SSL KEY as well as an SSL CRT. You will also need a machine that has installed (any Linux or Mac box will do). In fact the smart business server itself has openssl installed, as well as keytools, so all the steps can be performed directly on the smart business server.

Please note that this is a draft document, and work in progress. At this time only the public facing websites have been successfully set up with a CA signed certificate.

  • The Apache configuration file for the setup wizard is:
  • The Apache configuration file for the intranet is here: with the corresponding SSL configuration here:
  • First copy the new key and cert (in the same file, key goes on top and then the cert) into
  • (Optional, this step hasn’t been successfully tested, because a non-RFC compiant method is used.) To create an RFC compliant PKCS8 version of the key pair where the intranet config file is expecting it:
  • Make sure the CA bundle is made available and properly reference in the above mentioned config files ()
  • Create a PKCS12 version of your certificate:(at the time of this writing, the default cert store password hard coded in the VERDE install is )
  • Location of the Java SSL Keystore:
  • Location of the [SAFEv3] encription tool:
  • Password retrieval command:
  • Create a new keystore based on the PKCS#12 cert:
  • Update the Keystore configuration reference in (use the password retrieved above).
  • Copy the PKCS#12 cert to the VERDE Tomcat cert store:(Make sure you save your previous copies of any file you modify.)

At this point, you have to restart the system, to make sure that all public services get the proper certificate loaded on boot. If you prefer, you can restart the services:

  • restart the VERDE software from the web console

References

  • http://conshell.net/wiki/index.php/Keytool_to_OpenSSL_Conversion_tips
  • http://cunning.sharp.fm/2008/06/importing_private_keys_into_a.html
  • Many thanks to the bISV IBM support team