The connection between the ZIS and the SIF Agent can be secured using TLS. The settings are easily configured in the bb-config.properties, however, TLS encryption requires a keystore and possibly a truststore from the ZIS server to function properly. The instructions below explain how to create and configure a keystore as well as how to configure a truststore from the ZIS server.

To learn more about using TLS with SIF integration, review the SifWorks ADK documentation.

Create and configure the keystore

Windows

  1. Run the following from the command line:

    %JAVA_HOME%\bin\keytool -genkey -v -keystore C:\blackboard_home\config\certs\SIFagent.ks -alias SIFagent -keyalg RSA -keysize 1024

  2. The first prompt asks for a password for the keystore. The default password is "changeit".
  3. The next few prompts ask for information about the person creating the certificate. This information will appear to users when they first access the Collaboration Tool over TLS. Users are prompted to accept the certificate so it is important to provide accurate information so that users trust the certificate. The information recorded is:
    • First and Last Name
    • Organizational Unit
    • Organization
    • City or Locality
    • State or Province
    • Two-letter country code
  4. The last prompt asks for the password for the certificate. This password must be the same as the password entered in Step 2. Press ENTER to confirm that the same password will be used.
  5. The keystore will be created in the specified directory.
  6. Create a Certificate Signing Request (CSR) for the SIF agent and sign the certificate.

    %JAVA_HOME%\bin\keytool -certreq -keystore C:\blackboard_home\config\certs\SIFagent.ks -alias SIFagent -file SIFagent.csr

  7. Submit the CSR to a certifying authority (CA) or self-sign the certificate.
  8. Download the server certificate and the CA certificate and copy them to the ZIS server.
  9. Import the server certificate into the Blackboard server keystore.

    %JAVA_HOME%\bin\keytool -import -alias NAMEcaroot -file C:\blackboard_home\config\certs\NAME.cer -keystore C:\blackboard_home\config\certs\SIFagent.ks

    keytool -import -alias SIFagent -file C:\blackboard_home\config\certs\SIFagent.cer -keystore C:\blackboard_home\config\certs\SIFagent.ks

    keytool -list -keystore C:\blackboard_home\config\certs\SIFagent.ks -storepass changeit

  10. Share the keystore with the ZIS server.

UNIX

  1. Create a directory within the blackboard directory to hold the certificate.

    mkdir /blackboard_home/config/certs

    cd /blackboard_home/config/certs

  2. Create a keystore by running the following command and responding to the prompts:

    keytool -genkey -v -keystore SIFagent.ks -alias SIFagent -keyalg RSA -keysize 1024

    • Enter keystore password: changeit
    • What is your first and last name? first last
    • What is the name of your organizational unit? Product Development
    • What is the name of your organization? Blackboard Inc
    • What is the name of your city or locality? Washington
    • What is the name of your state or province? DC
    • What is the two letter country code for this unit? US
    • Is CN=first last, OU=Product Development, O=Blackboard Inc, L=Washington, ST=DC, C=US correct? Yes
    • Enter key password for (RETURN if same as keystore password): RETURN
  3. Create a Certificate Signing Request (CSR) for the SIF agent and sign the certificate.

    keytool -certreq -keystore SIFagent.ks -alias SIFagent -file SIFagent.csr

  4. Submit the CSR to a certifying authority (CA) or self-sign the certificate.
  5. Download the server certificate and the CA certificate and copy them to the ZIS server.
  6. Import the server certificate into the Blackboard server keystore.

    cd /blackboard_home/config/certs

    keytool -import -alias NAMEcaroot -file NAME.cer -keystore SIFagent.ks

    keytool -import -alias SIFagent -file SIFagent.cer -keystore SIFagent.ks

    keytool -list -keystore SIFagent.ks -storepass changeit

  7. Share the keystore with the ZIS server.

Configure TrustStore

Windows

Import the ZIS server certificate into the SIF Agent Trusted keystore.

cd C:\blackboard_home\config\certs

%JAVA_HOME%\bin\keytool -import -v -alias SIFWorks -keystore Trusted.ks -file ZIS.cer

Trust this certificate? [no]: yes

%JAVA_HOME%\bin\keytool -list -keystore Trusted.ks -storepass changeit

This will create a new keystore containing the ZIS certificate, which will be trusted.

UNIX

Import the ZIS server certificate into the SIF Agent Trusted keystore.

cd /blackboard_home/config/certs

keytool -import -v -alias SIFWorks -keystore Trusted.ks -file ZIS.cer

Trust this certificate? [no]: yes

keytool -list -keystore Trusted.ks -storepass changeit

This will create a new keystore containing the ZIS certificate, which will be trusted.