How to change SSL trust store location for LDAP or Authentication systems in CA WA DE?

book

Article ID: 110653

calendar_today

Updated On:

Products

DSERIES- SERVER CA Workload Automation DE - System Agent (dSeries)

Issue/Introduction

The CA Workload Automation DE allows users to authenticate via LDAP or Authentication system.  If secure or ldaps is used, then a trust store will be needed to store all the SSL certificates.  The same key store or trust store is used to store certificate for multiple LDAP or Authentication systems.  If more than one Authentication system is added, the SSL certificates will then have to be added to the same key store that was defined the first time.

The Desktop Client allows entering the keystore or trust store location and password the first time.  It does not allow changing this once it has been added.
Where can this setting be changed?

<Please see attached file for image>

User-added image

Environment

CA Workload Automation DE 11.3 / R12.x

Resolution

If the trust store location needs to be changed for any reason, then delete the defined Authentication System(s) in Desktop Client.
Next, edit the db.properties file in <DE installer directory>/conf.
Remove the following entries and then restart the DE server.
 
#
# Added by Manager
#
javax.net.ssl.trustStore=/some_location/keystore
javax.net.ssl.trustStorePassword=00002ALWNfqmhXXXXXXX==



 

Additional Information

Note:  Make a backup of db.properties file before making any changes.  The file may have several other properties under "Added by Manager".  Only remove the above mentioned lines. 

For more information on how to setup a keystore, check out this Knowledge Doc.

Attachments

1558697679916000110653_sktwi1f5rjvs16j1o.png get_app