Question:
After importing custom certificate in PAM, the agents status changed to inactive.
What is the correct procedure to install custom certificates?
Answer:
Use the following steps to import the certificate.
1. Stop PAM Service
2. To generate a new keystore, open a command prompt, navigate to the '.JDK\bin' directory and execute the following command.
keytool -genkey -alias <<aliasname>> -keyalg RSA -keystore <<keystorename>>
The above command will prompt for a password to secure the keystore. This password will be required in a later stage, therefore please keep a note of it.
3. Import the certificate into the keystore using the command below.
keytool -import -alias myalias -file certfile -keystore "path_and_file_specification_for_keystore"
4. Copy the new keystore to <<PAM_INSTALLATION_DIRECTORY>>/server/c2o/.config/
Don't delete the existing "c2okeystore" from <<PAM_INSTALLATION_DIRECTORY>>\server\c2o\.config
5. Go to <<PAM_INSTALLATION_DIRECTORY>>\server\c2o
6. Run the command
PasswordEncryption.bat NEW_KEYSTORE_PASSWORD >password.txt
7. Edit and update <<PAM_INSTALLATION_DIRECTORY>>\server\c2o\.config\OasisConfig.properties with the following entries:
itpam.custom.web.keystorepath=<pam_dir>/server/c2o/.config/newcustomkeystore.jks
itpam.custom.web.keystore.password=<encrypted_password_of_custom_Cert>
itpam.custom.web.keystorealias=newaliasname
8. Back up the current '.\PAM\server\c2o\deploy\jbossweb.sar\server.xml' file OUTSIDE of the PAM install directory.
Note: Don't back up the file in the same folder.
9. Edit the Connector element to use the non-default properties (the example below has the keyword "custom" added to the out-of-the-box property names)
<Connector protocol="org.apache.coyote.http11.Http11Protocol" SSLEnabled="true"
port="${tomcat.secure.port}" address="${jboss.bind.address}"
maxThreads="100" strategy="ms" maxHttpHeaderSize="8192"
emptySessionPath="true"
scheme="https" secure="true" clientAuth="false"
keystoreFile="${itpam.custom.web.keystorepath}"
keyAlias="${itpam.custom.web.keystorealias}"
keystorePass="${itpam.custom.web.keystore.password}"
sslProtocol="${SSL_PROTOCOL}" algorithm="${X509_ALGORITHM}" ciphers="${jboss.ssl.ciphers}" useBodyEncodingForURI="true"
maxPostSize="12582912"/>
10. Save the file and start the PAM service.
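Before restarting, it is worth confirming that the entries from step 7 and the Connector from step 9 actually agree, since a misspelled property name leaves a `${...}` placeholder unresolved and the HTTPS connector fails to come up. The following Python check is an added example, not part of the original answer or of the PAM product; the properties fragment and the trimmed `server.xml` it inspects are constructed samples, and the file layout and placeholder values are assumptions.

```python
import re
import xml.etree.ElementTree as ET

REQUIRED_KEYS = (  # entries the procedure adds in step 7
    "itpam.custom.web.keystorepath",
    "itpam.custom.web.keystore.password",
    "itpam.custom.web.keystorealias",
)

def parse_properties(text):
    """Minimal Java .properties reader: key=value or key:value, '#'/'!' comments."""
    props = {}
    for line in (l.strip() for l in text.splitlines()):
        if not line or line[0] in "#!":
            continue
        m = re.match(r"([^=:\s]+)\s*[=:]\s*(.*)", line)
        if m:
            props[m.group(1)] = m.group(2).strip()
    return props

def check_custom_ssl_config(properties_text, server_xml_text):
    """Return findings; an empty list means step 7 and step 9 agree with each other."""
    props = parse_properties(properties_text)
    findings = [f"missing or empty property: {k}" for k in REQUIRED_KEYS if not props.get(k)]
    root = ET.fromstring(server_xml_text)
    ssl = [c for c in root.iter("Connector") if c.get("SSLEnabled", "").lower() == "true"]
    if not ssl:
        findings.append('no Connector with SSLEnabled="true" in server.xml')
    for conn in ssl:
        for attr in ("keystoreFile", "keyAlias", "keystorePass"):
            value = conn.get(attr)
            if value is None:
                findings.append(f"SSL Connector has no {attr} attribute")
                continue
            # every ${itpam.*} placeholder must resolve to a defined property
            for name in re.findall(r"\$\{([^}]+)\}", value):
                if name.startswith("itpam.") and name not in props:
                    findings.append(f"{attr} references ${{{name}}}, which is undefined")
    return findings

# constructed samples: the page's Connector plus a correct and a misspelled properties set
SERVER_XML = """<Server><Service name="jboss.web"><Connector SSLEnabled="true"
 protocol="org.apache.coyote.http11.Http11Protocol" port="${tomcat.secure.port}"
 scheme="https" secure="true" keystoreFile="${itpam.custom.web.keystorepath}"
 keyAlias="${itpam.custom.web.keystorealias}"
 keystorePass="${itpam.custom.web.keystore.password}"/></Service></Server>"""
GOOD_PROPS = """# OasisConfig.properties fragment (constructed)
itpam.custom.web.keystorepath=C:/PAM/server/c2o/.config/newcustomkeystore.jks
itpam.custom.web.keystore.password=ENCRYPTED_PASSWORD_PLACEHOLDER
itpam.custom.web.keystorealias=newaliasname"""
BAD_PROPS = GOOD_PROPS.replace("keystorealias=", "keystorealais=")  # typo in the key
```

Run `check_custom_ssl_config` against the real OasisConfig.properties and server.xml contents; any non-empty result should be fixed before the service is started.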