Adding certificates for third party applications to Identity Suite in vAPP (Virtual Application)
Article ID: 105915
Updated On: 02-12-2025
Products
CA Identity Manager
CA Identity Governance
CA Identity Portal
CA Identity Suite
Issue/Introduction
You require SSL connectivity between vAPP and a third party application which requires the installation of certificates.
The documentation below explains how to update the certificates only for the built-in vAPP components, not for external, third party components:
The following directory contains the SSL certificates that are used by the built-in vApp management web UI: /opt/CA/VirtualAppliance/custom/apache-ssl-certificates You can replace the following files with your own generated SSL certificates in Apache HTTP server compatible format: localhost.crt (public key) localhost.key (private key) Notes: Verify that you keep a backup of the certificates before replacing them After replacing the certificates, run the following command to reload the web server on every server on which the certificates were replaced. The server starts with the replaced certificates: sudo /etc/init.d/httpd reload.
To add certificates for external applications, components and web services, you can use the Java keytool functionality as described below.
The documentation below explains how to update the certificates only for the built-in vAPP components, not for external, third party components:
The following directory contains the SSL certificates that are used by the built-in vApp management web UI: /opt/CA/VirtualAppliance/custom/apache-ssl-certificates You can replace the following files with your own generated SSL certificates in Apache HTTP server compatible format: localhost.crt (public key) localhost.key (private key) Notes: Verify that you keep a backup of the certificates before replacing them After replacing the certificates, run the following command to reload the web server on every server on which the certificates were replaced. The server starts with the replaced certificates: sudo /etc/init.d/httpd reload.
To add certificates for external applications, components and web services, you can use the Java keytool functionality as described below.
Environment
Release:
Component: IDSVA
Component: IDSVA
Resolution
Use "keytool" to add certificates for external components or applications:
The vApp's Java keystore located:
/opt/CA/java/jre/lib/security/cacerts
has write privileges for user config.
By using Java's "keytool" command, you should be able to add certificates to the keystore.
You can read more about the keytool command at various links:
docs.oracle.com keytool
Additional Information
Import the certificate to the keystore.
keytool -importcert -keystore /opt/CA/java/jre/lib/security/cacerts -file <path to certificate>
you can optionally add alias:
-alias <alias for certificate>
Feedback
Was this article helpful?
Yes
No
Powered by
