ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

TDM Portal: What steps are needed to import a Third Party Certificate for Portal

book

Article ID: 189744

calendar_today

Updated On:

Products

CA Test Data Manager (Data Finder / Grid Tools)

Issue/Introduction

We would like to know the steps needed to import our own signed certificate into the TDM Portal's keystore.

Environment

Release : 4.6 - 4.9

Component : CA Test Data Manager Portal

Resolution

Here are the steps to import certificates   

1) Your security team should provide a PKCS #12 file (called for example my.p12 or my.pfx) which contains the private key and related certificate.  

2) 
This command will import the certificate and private key into the keystore in one single step. 

keytool -importkeystore -deststorepass <keystore_password> -destkeystore  <path_and_file_specification_for_keystore>   -srckeystore  <my.p12 or my.pfx file>   -srcstoretype PKCS12 
 

Now your keystore file contains your server certificate and its private key. You may be asked to enter the password to the p12/pfx file, so you will want that information handy. 

3) 
The portal needs to access the keystore <path_and_file_specification_for_keystore> you should therefore update application.properties 

tdmweb.keystorePath=<path_and_file_specification_for_keystore> 
 

4) The portal needs to use the <keystore_password> to access stored certificate and private key. You should therefore follow the steps in techdocs below, to create the encrypted version  

4a) To obtain an encrypted version of the keystore password. 
 

  1. Navigate to install_dir\service\bin. 
  2. Run the encryption utility and supply the password to encrypt as argument. 
    EncryptionUtil.bat -p  <accesspassword> 
  3. Save the encrypted value returned for entry in the properties file. 

4b) update the application.properties file with the encrypted password
tdmweb.keystorePassword=<encryptedpassword> 
 

5) Verify the trusted certificate and private key have been imported properly, and also verify the current Alias name. Note, you may also want to change the Alias name to for example Test Data Manager , run  

5a) To view the contents of the keystore, run:
keytool -list -v -keystore <path_and_file_specification_for_keystore>
 

You will see something similar  to ... 

Keystore type: JKS 
Keystore provider: SUN 
 
Your keystore contains 1 entry 
 
Alias name: 1 
Creation date: Jun 21, 2019
 
 

 ... is displayed   
 

In this example the alias name is 1. To change the alias name from 1 to Test Data Manager 

keytool -changealias -keystore <path_and_file_specification_for_keystore>   -storepass  <accesspassword>  -alias 1 -destalias "Test Data Manager" 
 

5b) update application.properties with the new alias 
tdmweb.keyAlias="Test Data Manager" 

6) Restart the CA Test Data Manager Portal service and verify the Portal is running on your new certificate.

Additional Information

For more information see "Managing Certificates"
https://techdocs.broadcom.com/content/broadcom/techdocs/us/en/ca-enterprise-software/continuous-testing/test-data-management/4-9/installing/manage-certificates.html

Also see Knowledge Base Article: TDM Portal: After replacing our expired SSL Certificates, No one is able to access Portal.

https://knowledge.broadcom.com/external/article?articleId=189740