Steps to create a signed certificate for Operator Console/Cabi/Admin Console to avoid browser privacy errors such as "Your connection is not private" and "NET::ERR_CERT_AUTHORITY_INVALID"
Release: All supported versions
Component: wasp
NOTE: This is the only Broadcom tested and approved process to import a CA certificate.
The process below will help you create and import a server certificate signed by your root CA and trusted by the browsers.
The same steps apply to the wasp probe for Cabi, Admin Console, and Operator Console.
Prerequisites
Verify the following prerequisites before continuing:
- You are an administrative user with access to Infrastructure Manager.
- Wasp probe is configured to use HTTPS.
- Access to the server you want to create the certificate for.
Part 1: Create a password for wasp.keystore:
1. Run the ssl_reinitialize_keystore wasp callback to reset wasp.keystore.
Follow these steps:
A- Open Infrastructure Manager.
B- Navigate to the robot you want to create the certificate for.
C- Click on the wasp probe to highlight it.
D- Press Ctrl+P to open the probe utility.
E- In the drop-down list under the Probe command set, select ssl_reinitialize_keystore.
F- Enter a new password as an argument.
Use a password that is at least six characters long. The wasp probe utility will not prevent you from using a shorter password. Save this password, as you will need it in the next steps.
G- Click the green play button to run the callback.
H- The Command status bar displays the text OK.
Securely record the password you set for future use.
Part 2: Set the keytool Path:
1. RDP/ssh to the server that you want to create the certificate for, then open a command prompt as administrator.
2. Run the commands below to locate keytool:
cd \
dir /b/s keytool.exe
3. Add the directory where keytool.exe resides to the PATH variable.
Use the keytool that resides under the Nimsoft installation directory.
PATH=%PATH%;<directoryWhereKeytool.exeResides>
For example:
PATH=%PATH%;C:\Program Files\Nimsoft\jre\jre8u282b08\bin
4. Go to the Nimsoft\probes\service\wasp\conf directory.
For example:
cd C:\Program Files\Nimsoft\probes\service\wasp\conf
5. Verify that you can access wasp.keystore by running the list command:
keytool -list -alias wasp -keystore wasp.keystore
The keystore password is the one you created in Part 1.
Part 3: Create keypair and CSR:
1. Run the command below to delete the automatically generated certificate from wasp.keystore. The password is the one you created in Part 1.
keytool -delete -alias wasp -keystore wasp.keystore
2. Verify that the automatically generated certificate has been deleted from the keystore:
keytool -list -keystore wasp.keystore
3. Generate the public and private keys:
keytool -genkeypair -alias wasp -keyalg RSA -keysize 2048 -keystore wasp.keystore -validity 999
Please consult with your team about the key pair and the CSR information (server name, organizational unit, etc.).
4. Generate the CSR:
keytool -certreq -alias wasp -validity 999 -keystore wasp.keystore -file certificate_filename.csr -ext SAN=dns:server.test.com,ip:<ipaddress>
5. The CSR file is written to \Nimsoft\probes\service\wasp\conf
Please share the CSR with your internal team so they can sign it.
We highly recommend taking a backup of wasp.keystore at this point.
Part 4: Import the signed certificates:
Your team should provide the below certificates:
- Root CA certificate
- Intermediate certificate(s) (if applicable).
- Signed server certificate.
Please follow the below steps to import the certificates:
1- Copy the Root certificate, the intermediate certificates (if any), and the signed server certificate to the folder
<installation location>\Nimsoft\probes\service\wasp\conf
2- Import the Root certificate
keytool -import -file <CA root certificate file> -alias rootCA -keystore wasp.keystore -trustcacerts
3- Import the Intermediate certificate (if available)
keytool -import -file <CA Intermediate certificate file> -alias Intermediate -keystore wasp.keystore -trustcacerts
4- Import the Signed certificate
keytool -import -alias wasp -file <CA signed certificate file> -keystore wasp.keystore
5- Restart the wasp probe on the Cabi robot and verify that Cabi loads with the signed certificate.
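A check for the result of Part 4, added here as an example and not part of the Broadcom procedure: it parses the text printed by keytool -list -v -alias wasp -keystore wasp.keystore and flags the usual import mistakes (signed certificate not bound to the private key, CA chain missing, SAN not matching the host name). The function name check_wasp_entry and the sample listing are constructed for illustration; server.test.com is the SAN value from the Part 3 example.

```python
import re
import sys

# Constructed, abbreviated sample of `keytool -list -v -alias wasp -keystore wasp.keystore`
# output after a correct Part 4 import (all names are made up).
SAMPLE_OK = """\
Alias name: wasp
Entry type: PrivateKeyEntry
Certificate chain length: 2
Certificate[1]:
Owner: CN=server.test.com, OU=IT, O=Example, C=US
Issuer: CN=Example Root CA, O=Example, C=US
SubjectAlternativeName [
  DNSName: server.test.com
]
Certificate[2]:
Owner: CN=Example Root CA, O=Example, C=US
Issuer: CN=Example Root CA, O=Example, C=US
"""

def check_wasp_entry(listing, expected_dns):
    """Return a list of problems found in the keytool listing (empty list = looks good)."""
    problems = []
    entry = re.search(r"^Entry type:\s*(\S+)", listing, re.M)
    if not entry or entry.group(1) != "PrivateKeyEntry":
        problems.append("alias is not a PrivateKeyEntry: certificate is not bound to the private key")
    chain = re.search(r"^Certificate chain length:\s*(\d+)", listing, re.M)
    if not chain or int(chain.group(1)) < 2:
        problems.append("chain length below 2: CA certificates are not part of the chain")
    # Everything before Certificate[2] describes the server (leaf) certificate.
    leaf = re.split(r"^Certificate\[2\]:", listing, maxsplit=1, flags=re.M)[0]
    owner = re.search(r"^Owner:\s*(.+)$", leaf, re.M)
    issuer = re.search(r"^Issuer:\s*(.+)$", leaf, re.M)
    if owner and issuer and owner.group(1).strip() == issuer.group(1).strip():
        problems.append("leaf certificate is self-signed: the signed certificate was not imported")
    sans = re.findall(r"^\s*DNSName:\s*(\S+)", leaf, re.M)
    if expected_dns.lower() not in (s.lower() for s in sans):
        problems.append("expected DNS name missing from SubjectAlternativeName")
    return problems

if __name__ == "__main__":
    # Optional argument: a text file holding saved keytool output; default is the sample.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_OK
    found = check_wasp_entry(text, "server.test.com")
    print("\n".join(found) if found else "wasp entry looks correct")
```

An empty result means the wasp alias still holds the private key, carries the CA chain, and names the host that browsers will connect to.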
keytool path
You can set the keytool path in Windows by following the below steps:
1. RDP to the server that you want to create the certificate for, then open Control Panel > System > Advanced > Environment Variables.
2. Under the system variables, select New to add a system variable.
3. Enter the below variable information
Variable name: PATH
Variable value: <directoryWhereNimsoftKeytool.exeResides>
Configure HTTPS in Admin Console or OC (Authority-Signed Certificate)