How to add your own certificate when configuring CCI SSL for CA Output Management Web Viewer 12.1 for USS

Document ID : KB000032853
Last Modified Date : 14/02/2018
Show Technical Document Details

Summary

How to use your own certificate when setting up CA Output Management Web Viewer 12.1 for CCISSL.

 Instructions:  

Putting the certificate in the keystore: 
 

1.    Assuming 'DIGICERT.CAICCI.XXXXXXX' is a certificate in a format that the Java keystore program uses.

2.  On OMVS, create a temporary work folder. For example:
mkdir $HOME/keystore

3.    FTP 'DIGICERT.CAICCI.XXXXXXX' using binary transfer to OMVS file $HOME/keystore/ccicert where ccicert will be the file - you can name this whatever you want.

4.    On OMVS, ensure Java (${JAVA_HOME/bin) is in your path (for your session) - this should contain the "keytool" program. Note: It should already be there.

5.  Set your current directory to the one containing the just FTP'd certificate file. For example:
cd $HOME/keystore

6.  Issue command:
keytool -importcert -file $HOME/keystore/ccicert –keystore $HOME/keystore/cci.jks

7.    When prompted for a password, enter the certificate's password.

8.    When prompted to trust this certificate, respond "yes"

9.    Note: If you also have a "Client End User Certificate", you will need to import that into the same keystore file.

10.When done, there should be a file named "cci.jks" in your temporary work folder. Note the full path to this file as well as the certificate password (same password used to secure the keystore file).

Running the Web Viewer configtool to specify the location of the certificate.

1. Run the ConfigTool

1. Select your configuration type

3. Select "1: CCI Settings"

2. When prompted for "CCISSL: SSL connection", select either 2 (defer) or 3 (force).

3. When prompted for "CCISSL: Encryption Keystore", enter the full path to the keystore file created above. For example:
   
$HOME/keystore/cci.jks

4. When prompted for a password, enter the keystore (same as certificate) password.

5. Respond to the remaining questions.

6. When prompted, test the connection.

7. Save the changes.

 If Tomcat is active, stop/start it to ensure setting changes are all picked up.