Description:
This technical document outlines the procedure to convert a .pfx certificate into a Java keystore when configuring SSL.
Solution:
*** Replace <pfx_password> and <pfx_file> with the actual values ***
- Copy the pfx file to %USM_HOME%
- Execute %USM_HOME%\usm.cmd
- Type the following command on the command prompt:
keytool -importkeystore -deststorepass <pfx_password> -destkeystore "%USM_HOME%\.keystore" -srckeystore <pfx_file> -srcstoretype PKCS12 -srcstorepass <pfx_password>
- Update the keystore password in %USM_HOME%\viewService.conf:
wrapper.java.additional.12=-Djavax.net.ssl.trustPass=<pfx_password>
- Update the %USM_HOME%\view\conf\server.xml
<Connector port="443" maxHttpHeaderSize="8192" maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
enableLookups="false" disableUploadTimeout="true" acceptCount="100" scheme="https" secure="true"
keystorePass="<pfx_password>" clientAuth="false" sslProtocol="TLS" keystoreFile="C:\Program Files (x86)\CA\Service Catalog\.keystore"/>
- Restart CA Service View
Note that the keystore password must be the same as the .pfx password. This is a known bug in Tomcat 5.5.
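The procedure above puts the same password into viewService.conf and server.xml. As an added example (not part of the original document or the product), this Python check compares the contents of the two edited files before the service is restarted, without printing the password. The function name check_ssl_config and the sample file contents, including the password ExamplePass1, are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample contents; "ExamplePass1" is a made-up password.
SAMPLE_CONF = "wrapper.java.additional.12=-Djavax.net.ssl.trustPass=ExamplePass1\n"
SAMPLE_SERVER_XML = r'''<Server><Service name="Catalina">
<Connector port="443" scheme="https" secure="true" clientAuth="false" sslProtocol="TLS"
 keystorePass="ExamplePass1" keystoreFile="C:\Program Files (x86)\CA\Service Catalog\.keystore"/>
</Service></Server>'''

# Matches the viewService.conf line from the procedure, whatever its index number.
TRUST_PASS = re.compile(
    r"^wrapper\.java\.additional\.\d+=-Djavax\.net\.ssl\.trustPass=(.*)$", re.M)


def check_ssl_config(conf_text, server_xml_text):
    """Return a list of problems; an empty list means both files agree."""
    problems = []
    match = TRUST_PASS.search(conf_text)
    trust_pass = match.group(1).strip() if match else None
    if trust_pass is None:
        problems.append("viewService.conf: no javax.net.ssl.trustPass line")
    elif "<pfx_password>" in trust_pass:
        problems.append("viewService.conf: placeholder <pfx_password> not replaced")
    try:
        root = ET.fromstring(server_xml_text)
    except ET.ParseError as exc:
        # A placeholder such as <pfx_password> left in an attribute is not well-formed XML.
        return problems + [f"server.xml: not well-formed ({exc})"]
    https = [c for c in root.iter("Connector") if c.get("scheme") == "https"]
    if not https:
        problems.append('server.xml: no Connector with scheme="https"')
    for conn in https:
        port = conn.get("port")
        if not conn.get("keystoreFile"):
            problems.append(f"server.xml: Connector {port} has no keystoreFile")
        pw = conn.get("keystorePass")
        if pw is None:
            problems.append(f"server.xml: Connector {port} has no keystorePass")
        elif trust_pass is not None and pw != trust_pass:
            # The parser has already unescaped &amp; and &lt; in the attribute value.
            problems.append(f"server.xml: Connector {port} keystorePass differs from trustPass")
    return problems


if __name__ == "__main__":
    for line in check_ssl_config(SAMPLE_CONF, SAMPLE_SERVER_XML) or ["OK: passwords match"]:
        print(line)
```

Pass the function the text of the real viewService.conf and server.xml to check an actual installation.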