Add your own certificate when configuring CCI SSL for CA OM Web Viewer 12.1 for USS

book

Article ID: 32853

calendar_today

Updated On:

Products

CA Output Management Web Viewer

Issue/Introduction

How to use your own certificate when setting up CA Output Management Web Viewer 12.1 for CCISSL.


Environment

Release: CA Output Management for Web Viewer 12.1 for USS

Component: WBVLUW

Resolution

Putting the certificate in the keystore:

1. Assuming 'DIGICERT.CAICCI.XXXXXXX' is a certificate in a format that the Java keystore program uses.

2. On OMVS, create a temporary work folder. For example:

mkdir $HOME/keystore

3. FTP 'DIGICERT.CAICCI.XXXXXXX' using binary transfer to OMVS file $HOME/keystore/ccicert where ccicert will be the file - you can name this whatever you want.

4. On OMVS, ensure Java (${JAVA_HOME/bin) is in your path (for your session) - this should contain the "keytool" program. Note: It should already be there.

5. Set your current directory to the one containing the just FTP'd certificate file. For example:

cd $HOME/keystore

6. Issue command:

keytool -importcert -file $HOME/keystore/ccicert –keystore $HOME/keystore/cci.jks

7. When prompted for a password, enter the certificate's password.

8. When prompted to trust this certificate, respond "yes"

9. Note: If you also have a "Client End User Certificate", you will need to import that into the same keystore file.

10.When done, there should be a file named "cci.jks" in your temporary work folder. Note the full path to this file as well as the certificate password (same password used to secure the keystore file).

Running the Web Viewer configtool to specify the location of the certificate.

1. Run the ConfigTool

1. Select your configuration type

3. Select "1: CCI Settings"

2. When prompted for "CCISSL: SSL connection", select either 2 (defer) or 3 (force).

3. When prompted for "CCISSL: Encryption Keystore", enter the full path to the keystore file created above. For example:

   $HOME/keystore/cci.jks

4. When prompted for a password, enter the keystore (same as certificate) password.

5. Respond to the remaining questions.

6. When prompted, test the connection.

7. Save the changes.

 If Tomcat is active, stop/start it to ensure setting changes are all picked up.