How to establish a connection to the Spectrum server using SSL via the command line utility

UPDATED: September 11, 2017

This article is based on the assumption that all steps needed to successfully configure SSL for Spectrum on the server side have been implemented and tested.
This also assumes that your SSL certificate is not signed by a well-established certification authority (CA), such as VeriSign. A certificate signed by a CA should not impede the use of the Command Line Interface (CLI) and you should only need to follow these steps in the case that you have a self-signed certificate.
  1. Export the server-trusted certificate by accessing the Spectrum server instance via the welcome page in your browser - servername:port
    • Make sure the certificate is exported as a "DER encoded binary X.509" format. Save it on your desktop.
  2. Create the trusted key store at the client level where the Admin Utility CLI will be executed. Using the certificate exported in step 1, execute the keytool.exe process located in the JRE bin directory to create a keystore file ‘mycacerts’
    • For example:- C:\Program Files (x86)\Pitney Bowes\Spectrum Client Tools\jre\bin>keytool -keystore mycacerts -storepass changeit -import -alias spectrum -file "\Desktop\CertificateName.cer"
  3. Add the following Java option to the CLI.bat file included with the Spectrum Admin Utility to reference the trusted kesytore:
    •"C:\Program Files (x86)\Pitney Bowes\Spectrum Client Tools\jre\bin\mycacerts"
  4. Connect to Spectrum Server using CLI with the --s (HTTPS) switch.

Environment Details

Products Affected: Spectrum Technology Platform


  • No Downloads