Importing a certificate into the truststore for Common Component

Ops Center Automator Installation and Configuration Guide
Version
11.0.x
Audience
anonymous
Part Number
MK-99AUT000-24

To import a certificate to the truststore (ldapcacerts or jssecacerts), use the hcmds64keytool utility (for Windows) or the keytool utility (for Linux).

  • Prepare a certificate

    Securely obtain the certificate.

    • For communication with an LDAP directory server:

      The certificates issued by all the authorities from the authority that issued an LDAP directory server certificate to the root certificate authority must form a certificate chain. The certificate must satisfy the product requirements for Common Component.

    • When using a certificate authority:

      The certificates issued by all the authorities from the authority which issued the Common Component server certificate to the root certificate authority must form a certificate chain.

    • When using a self-signed certificate:

      Obtain a Common Component self-signed certificate.

  • Verify that you have the password to access the truststore, if the truststore already exists.
  1. Run the following command:
    In Windows:

    Common-Component-installation-folder\bin\hcmds64keytool -import -alias alias-name -file certificate-file-name -keystore truststore-file-name -storetype JKS

    In Linux:

    Common-Component-installation-directory/uCPSB11/jdk/bin/keytool -import -alias alias-name -file certificate-file-name -keystore truststore-file-name -storetype JKS

    Where:
    • alias: Specify the name used to identify the certificate in the truststore. If there are two or more server certificates, specify an alias name which is not used in the truststore.
    • keystore: Specify the truststore file path of the import destination. If no truststore file exists, one will be automatically created.

      You should import LDAP directory server certificates into ldapcacerts. To share a certificate with other programs, you can import the certificate into jssecacerts.

    The truststore (ldapcacerts or jssecacerts) file paths are as follows.

    jssecacerts

    • For Windows:

      Common-Component-installation-folder\uCPSB11\hjdk\jdk\lib\security\jssecacerts

    • For Linux:

      Common-Component-installation-directory/uCPSB11/hjdk/jdk/lib/security/jssecacerts

    ldapcacerts

    • For Windows:

      Common-Component-installation-folder\conf\sec\ldapcacerts

    • For Linux:

      Common-Component-installation-directory/conf/sec/ldapcacerts

    Note: You are prompted to enter the truststore password in interactive mode. When prompted, specify a password of your choice used to access the truststore (minimum of 6 characters). If the truststore already exists, specify the current truststore password.
  2. Restart the Common Component services.