DWS certificate management

DWS generates the following server certificates:

  • A root CA certificate.

  • A certificate for port 8444, which is signed by the root CA certificate. Port 8444 is used by the Unified Client for Xerox.

  • A certificate for port 8443, which is used by other ControlSuite clients.

These certificates have the following attributes:

  • DWS generates the certificates using SHA-256 when DWS starts.

  • DWS certificates expire five years from the date they were generated.

  • DWS checks the presence of valid certificates during startup. If a DWS-generated certificate has expired, a new one is generated.

  • The DWS root CA certificate is installed during the device registration process. When it has expired after five years, a new DWS root CA certificate is generated, but it must be manually installed.

If you use your own certificate, it will need to be imported into the keystore that holds the DWS certificates. This certificate is the one presented by DWS.

  1. Locate the DWS Keystore Path.

    For example: C:\Windows\System32\config\systemprofile\AppData\Local\Nuance\Integrated\DWS\webserver\conf\dws-server-key.jks

  2. Find the keystore password in the keystorePass attribute in the server.xml file in the same folder.
  3. If you need to remove an existing certificate, use keytool.exe to run the following command.

    The keytool.exe program is located in the DWS Installation Folder. (For example: C:\Program Files\Nuance\Shared Services\DWS) 

    "<DWS Installation Folder>\JDK\jre\bin\keytool.exe" -delete -alias "<alias>" -keystore "<Keystore File>"
  4. Import the certificate for the certificate authority that generated the DWS certificate. Use a unique alias for each certificate. Use the following command: 
    "<DWS Installation Folder>\JDK\jre\bin\keytool.exe" -import -file "<Certificate file>" -alias "<alias>" -keystore "<Keystore File>" -trustcacerts
  5. Import the DWS certificate using "tomcat" as the alias. Use the following command: 
    "<DWS Installation Folder>\JDK\jre\bin\keytool.exe" -import -file "<Certificate file>" -alias "tomcat" -keystore "<Keystore File>"