Skip Navigation

Prepare your application server

The PKI connector sample implementation uses an 
Apache Tomcat
 application server, but any application server can be used with a PKI connector. It is a best practice to deploy the application server on a different computer than the one that hosts 
BlackBerry UEM
  1. Open a command window.
  2. Run the following command:
    cd <unzipped path>/gd-ca-adapters/src/main/java/com/good/adapters/entrust/util
  3. Go to the target/classes folder and run the following command:
    java com.good.adapters.entrust.util.GenerateSSLCertificateForEntrustCA ENTRUST_HOSTNAME <password>
  4. In the list of certificates to trust, select the root certificate.
  5. Copy the resulting 
     file to the following 
     installation directory: $JAVA_HOME/jre/lib/security.
  6. Edit the Tomcat 
     file ($TOMCAT_DIR/conf/server.xml) to specify the port that the PKI onnector listens on and the paths to the KeyStore and TrustStore. See the following example (change the port, KeyStore, and TrustStore values as necessary):  
    <Connector port="8090" protocol="HTTP/1.1" connectionTimeout="20000" redirectPort="8443" /> <Connector protocol="HTTP/1.1" port="8443" maxThreads="200" scheme="https" secure="true" SSLEnabled="true" keystoreFile="/c:/newcerts/foobar.jks" keystorePass="foobarpwd" truststoreFile="/c:/newcerts/cacerts.jks" truststorePass="cacertspassword" clientAuth="true" sslProtocol="TLS"/>