This document outlines the step by step instructions to replace the default CA Embedded Entitlements Manager (EEM ) certificate with your own p12 certificate issued by a certified vendor such as VeriSign.

Embedded Entitlements Manager (EEM/EIAM) release 12.5 and higher

In order to replace the default CA Embedded Entitlements Manager (EEM ) certificate with your own p12 certificate, follow the steps below:

1. Copy your p12 certificate to iTechnology folder. (e.g. \Program Files\CA\SharedComponents\iTechnology or Program Files\CA\SC\iTechnology)
   
   
2. Stop the CA iTechnology iGateway service.
   
   
3. Edit \Program Files\CA\SharedComponents\iTechnology\igateway.conf and update the <Connector name="defaultport"> section
   
   -Set certType to p12
   
   -Set certURI to your .12 certificate filename, e.g eem.p12.
   
   
4. IMPORTANT:  save, then close the igateway.conf file at this time.  This is because the next step will continue to modify the igateway.conf file to update with your encrypted certificate password.  We will open the file once more to confirm all changes have been made.
5. Run ConfigTool command to set the certPW tag to the munged (encrypted) password as per below.
   
   e.g.
   

   C:\Program Files (x86)\CA\SC\iTechnology>ConfigTool -munge -version 4.6.0.0 -comp igateway -tag "TransportReceiver=HTTP;Connector=defaultport;certPW;" -passwd password1234

   
   What this command does is update the igateway.conf file such that the "certPW" tag is updated with the encrypted password.  The input password in the above command example is "password1234".
   
   
6. Open the igateway.conf file to confirm the changes have been made per the above.  Save/close the file.
   
   
7. Start the CA iTechnology iGateway service

Please see KB Article 276143 for corresponding instructions on using a pem and key certificate (no password needed)