Adding certificates for third party applications to Identity Suite in vAPP (Virtual Application)


Article ID: 105915


Updated On:


CA Identity Manager CA Identity Governance CA Identity Portal


You require SSL connectivity between vAPP and a third party application which requires the installation of certificates.


The documentation below explains how to update the certificates only for the built-in vAPP components, not for external, third party components:

The following directory contains the SSL certificates that are used by the built-in vApp management web UI: /opt/CA/VirtualAppliance/custom/apache-ssl-certificates You can replace the following files with your own generated SSL certificates in Apache HTTP server compatible format: localhost.crt (public key) localhost.key (private key) Notes: Verify that you keep a backup of the certificates before replacing them After replacing the certificates, run the following command to reload the web server on every server on which the certificates were replaced. The server starts with the replaced certificates: sudo /etc/init.d/httpd reload.

To add certificates for external applications, components and web services,  you can use the Java keytool functionality as described below.


Component: IDSVA


Use "keytool" to add certificates for external components or applications:

The vApp's Java keystore (/opt/CA/jdk1.8.0_71/jre/lib/security/cacerts) has write privileges for user config.

By using Java's "keytool" command, you should be able to add certificates to the keystore.

You can read more about the keytool command at various links: