h3. Reported by Peter McKinnis, TIBCO Software Inc., [1-EL7QP3|http://supportapps.na.tibco.com/sr/1-EL7QP3]
h2. Description
{quote}
In the Spotfire Server 5.0 installation manual section 4.16 Configuring HTTPS, Step 4 (Install the Server certificate and private key) is not clear and confusing. The other steps are very clear and well done but this step leaves one wondering what to do.
This step "Install the Server and certificate and private key" does not make clear what one actually needs to do on this step. After going through this with a customer, it appears that one needs to copy a PFX or Keystore file into the directory listed. This needs to be more clear.
One may need to create this PFX or keystore file and those instructions should be given. The word "install" is confusing as well since one really is copying files created into this directory. The file copied in this step is then the file that should be set in the next step in the server.xml file. This is also not clear.
In the customer I was working with, I created a PFX file using information from this site: http://www.digicert.com/ssl-support/pfx-import-export-iis-7.htm. As stated, one could also create a Java keystore file using the Java keytool. Instructions for both needed to be included. Sometimes a customer will already have a PFX or Java keystore but not always.
The main thing is that this step is unclear what has to happen and how it applies to the next step when one modifies server.xml.
I think the section should look something like this:
{panel}
Install the server certificate and private key
A file containing the server certificate and its corresponding private key must be copied to the appropriate directory.
This file must be in either the PKCS#12 or Java Keystore (JKS) format. If one already has a file with these items in the appropriate format, then this file can just be copied into the directory. If one does not have a file in this format with these items, then one needs to obtain one or create one.
In order to create a Java keystore if one has a CSR/CER then do this:
(STEPS HERE FOR CREATING)
Or if one can obtain a PFX file with the items then do this:
(STEPS FOR THIS)
Or create a PFX file then do this:
(STEPS FOR THIS)
Once a file containing the server certificate and its corresponding private key in a proper format has been created, then it can be copied to the following directory:
/jdk/jre/lib/security
This file and its password are then used in the next step to fill in the file and password information in the server.xml file.
{panel}
I am not sure if all the steps can be spelled out for a PFX file or not, but one can create a keystore using the keytool that is installed with Java. Hope that is helpful.
The attached document "How-to-Configure-HTTPS-on-Spotfire-Server-Using-CERTSRV.pdf" is somewhat for a specific environment and certificate authority. That being said, Step 8 in the document is how I created a PFX at the client that I was working with. That will work in some cases but not all.
Step 8 could be included in the documentation as one way to create a PFX file and get the correct file needed.
The note in Step 11b after the screen shot is also important as the information that the file created in an step 8 is what is needed here is not as clear in the current server documentation.
{quote}
