How to upgrade the EEM r12.x Server's certificate Algorithm to SHA256 or SHA512.

book

Article ID: 37650

calendar_today

Updated On:

Products

CA Application Performance Management (APM / Wily / Introscope) SUPPORT AUTOMATION- SERVER CA Service Desk Manager CA Service Desk Manager - Unified Self Service KNOWLEDGE TOOLS CA Service Management - Asset Portfolio Management CA Service Management - Service Desk Manager CA Workload Automation AE - Scheduler (AutoSys) CA Workload Automation AE - System Agent (AutoSys) CA Workload Automation AE - Business Agents (AutoSys) CA Process Automation Base

Issue/Introduction

This document will guide you through upgrading the digest to either SHA256, SHA384, or SHA512 for the EEM r12.x Server.  Using the eiam-clustersetup tool, that is already provided with the EEM r12.x install, running on Windows, Linux, and Unix environments.

Environment

Release:
Component: ETEIAM

Resolution

Follow these steps in order to upgrade the Digest Algorithm:

On the CA EEM Server where the certificates have to be issued, navigate to the following location %EIAM_HOME%\bin or $EIAM_HOME/bin, via command prompt:

1. Execute the following command:
       java -jar eiam-clustersetup.jar
  - A confirmation message appears.

2. Type Y (yes) and press Enter.

3. Execute the following command:
        modifycerts

4. The following message appears: INFO - Enter Certificate Key Length [default = 1024]
    I wouldn’t suggest upgrading the key length, as it may impact the client applications, if the versions are different (mismatched).
      In this case select: 1 (INFO - [1] 1024)

5. The following message appears: Enter Digest Algorithm [default = SHA256]
      Here you will select the number that corresponds with the desired algorithm you would like to upgrade to:

INFO  -    [1] SHA1
INFO  -    [2] SHA256
INFO  -    [3] SHA384
INFO  -    [4] SHA512 
 - Once you make your selection, you will receive a summary/confirmation message.

6. Type Y and press Enter.
       -You will see that it is generating the new certificates.

7. Once it is done generating the new certificates, type: status
      -This will verify that the two services are started.

8. Type: exit, to close out of the utility.

Now the CA EEM Server will use the newly generated certificates.