Skip to main content

Obtaining a Trusted Certificate

For optimal security, if users are connecting to FlexNet Manager for Engineering Applications Admin from outside your organization, you should obtain a trusted certificate from a certificate authority. A list of certificate authorities can be found in SSL Configuration HOW-TO (http://tomcat.apache.org/tomcat-5.5-doc/ssl-howto.html). Each certificate authority has its own instructions, but all require that you submit a certificate signing request (CSR) that you can generate from the test keystore using the keytool utility.

To obtain a trusted certificate:

  1. First, consult your own IT department for a trusted certificate.

    • Sometimes an organization will create and issue their own certificates so it's always good to check there first.
    • If your IT department cannot provide you with an internally created trusted certificate, proceed to the next step.

  2. Generate a CSR in a file named p.csr for a key pair and certificate already in a keystore called keystore in the current directory by typing the following text:

    • keytool -certreq -keyalg RSA -alias tomcat -file tomcat.csr <br/>-keystore keystore

  3. Submit this CSR as instructed by the certificate authority you chose.

  4. After you receive a trusted certificate from the certificate authority, load the certificate authority’s chain (or root) certificate (in a file named rootcrt) into the keystore used to generate the CSR. If the certificate is in a format understood by the keytool utility, type:

    • keytool -keystore &lt;keystore&gt; -import -alias root -file &lt;rootcrt&gt; -trustcacerts

    • If it is not in a format understood by the keytool utility, see SSL Configuration HOW-TO or documentation from the certificate authority.

  5. After the root certificate has been loaded, load the new certificate (in a file named newcrt) into the keystore used to generate the CSR. If the certificate is in a format understood by the keytool utility, type:

    • keytool -keystore &lt;keystore&gt; -import -alias tomcat -file &lt;newcrt&gt; -trustcacerts

    • If it is not in a format understood by the keytool utility, see SSL Configuration HOW-TO or documentation from the certificate authority.


`keytool -certreq -keyalg RSA -alias tomcat -file tomcat.csr -keystore keystore `


`keytool -keystore <keystore> -import -alias root -file <rootcrt> -trustcacerts `


`keytool -keystore <keystore> -import -alias tomcat -file <newcrt> -trustcacerts `