Solution
The following instructions assume that a root CA certificate was created using a third-party SSL tool as per the instructions in the Administration guide "Use DXcertgen to Request and Use a Third-party Certificate for a DSA Certificate".
Once the third-party certificate has been imported into trusted.pem, you still need to import it into the JXweb or JXplorer keystores.
There are two ways of doing this. The first and simplest way is to import the root certificate using JXplorer.
- Open JXplorer.
- In the Security menu, select 'Trusted Servers and CAs'.
- Select 'Add Certificate'. This will prompt you for a password. By default, the password is 'changeit'. It may have already been changed.
- Add the new trusted.pem file. It can be given any name; the old one can be removed later.
- Log in using SSL to test the import.
For JXweb:
- Open JXplorer.
- In the Security menu, select 'Advanced Keystore Options'.
- Under 'Setup the Trusted CA/Server keystore', save the current path value, then change the path of the cacerts keystore to that of the JXweb cacerts keystore. This is normally found in
\Program Files\CA\Directory\dxwebserver\webapps\jxweb\docs\security
Load this and press 'ok'.
- In the Security menu, select 'Trusted Servers and CAs'.
- Select 'Add Certificate'. This will prompt you for a password. By default, the password is 'changeit'. It may have already been changed.
- Add the new trusted.pem file.
- Change the path to the cacerts keystore back to the original JXplorer path.
- Restart the dxwebserver service.
- Log in to JXweb using SSL to test the change.
The second way to do this is to use the Java keytool:
- Ensure trusted.pem only includes the Begin Certificate/End Certificate parts to comply with X.509 format.
- Using the Java keytool, import trusted.pem into the cacerts keystore for either JXweb or JXplorer.
Example:
> keytool -import -trustcacerts -file <path to trusted.pem> -keystore <path to cacerts> -storepass <password>
- If using JXweb, restart the dxwebserver service.
- Log in to the desired client via SSL to test.
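The keytool steps above can be scripted as follows. This is an added example, not vendor code: it strips everything outside the Begin Certificate/End Certificate blocks, backs up the keystore, imports under an explicit alias, and lists the stored entry so its fingerprint can be checked. The function names, the entry alias and the .bak suffix are assumptions.

```shell
#!/bin/sh
# Added example (not vendor code). Function names, the entry alias and the
# .bak suffix are assumptions made for illustration.

# Print only the BEGIN/END CERTIFICATE blocks of a PEM file, dropping any
# text outside them and any trailing carriage returns.
pem_certs_only() {
    awk '/^-----BEGIN CERTIFICATE-----/ { keep = 1 }
         keep { sub(/\r$/, ""); print }
         /^-----END CERTIFICATE-----/ { keep = 0 }' "$1"
}

# Print the number of certificate blocks in a PEM file.
pem_cert_count() {
    awk '/^-----BEGIN CERTIFICATE-----/ { n++ } END { print n + 0 }' "$1"
}

# Clean the PEM file, back up the keystore, import under an explicit alias,
# then list the stored entry so its fingerprint can be compared with the CA's.
# -storepass is omitted so keytool prompts instead of exposing the password
# in the process list or shell history.
import_trusted() {
    pem=$1; keystore=$2; entry=$3
    clean=$(mktemp) || return 1
    pem_certs_only "$pem" > "$clean"
    count=$(pem_cert_count "$clean")
    if [ "$count" -eq 0 ]; then
        echo "no certificate block found in $pem" >&2
        rm -f "$clean"; return 1
    fi
    # A keytool trusted-certificate entry holds one certificate per alias.
    [ "$count" -gt 1 ] && echo "warning: $pem holds $count certificates" >&2
    cp -p "$keystore" "$keystore.bak" &&
        keytool -import -trustcacerts -alias "$entry" \
            -file "$clean" -keystore "$keystore" &&
        keytool -list -v -alias "$entry" -keystore "$keystore"
    rc=$?
    rm -f "$clean"
    return $rc
}

# Usage: import_trusted trusted.pem /path/to/cacerts directory-root-ca
```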