Java KeyStore and Certificates

Java Keystore

JKS or Java KeyStore is used in Flow for some very specific scenarios where encryption is involved and there is a need for asymmetric encryption.

Partek Flow is shipped with a Java Keystore on its own, the file is found at .../partek_flow/distrib/flowkeystore where you may want to add your public and private certificates.

Adding a certificate to the KeyStore

If you already have a certificate please skip to the next step.

Create a certificate

Please place the key in a secure folder. (it is advisable to place in Flow's home directory. eg. /home/flow/keys

[~] openssl genrsa -out flow.key 2048
[~] openssl ecparam -genkey -name secp384r1 -out flow.key
[~] openssl req -new -x509 -sha256 -key flow.key -out flow.crt -days 3650

These commands above are meant to be used in a terminal. There are other ways to help you make a certificate but they will not going to be mentioned here.

If you wish to understand the flags used above please refer to the OpenSSL documentation.

Import a certificate into flowkeystore

For this step you will have to find where the cacerts file is located, it is under the Java installation, if you do not know how to do it contact us and we can help.

In the example the cacerts file is located at /usr/lib/jvm/java-11-openjdk-amd64/lib/security/cacerts

[~] keytool -import -file /home/flow/.partekflow/keys/flow.key -alias someName -keystore /usr/lib/jvm/java-11-openjdk-amd64/lib/security/cacerts -storepass changeit -noprompt

Tell the JVM where to find the key

We need to tell Partek Flow where the key is located, to do this we will edit a file which contains some of the Flow settings.

The file is usually located at /etc/partekflow.conf if you do not have this file we would advise to use the bashrc file from the system user that runs Partek Flow.

At the end of that file please add:

export CATALINA_OPTS="$CATALINA_OPTS -Djavax.net.ssl.trustStore=${HOME}/keys"

Additional Assistance

If you need additional assistance, please visit our support page to submit a help ticket or find phone numbers for regional support.

Last updated