Implement CA Keystore with DevTest IAM and VS Catalog

Document ID : KB000112483
Last Modified Date : 30/08/2018
Introduction:
How to implement a keystore with a CA chain with DevTest IAM and VS Catalog
Instructions:
Configuring using a Certificate Authority (CA) keystore with IAM:

1. Copy your keystore to the /IdentityAccessManager/certs folder
2. Make a backup of /IdentityAccessManager/standalone/configuration/standalone.xml
3. Edit /IdentityAccessManager/standalone/configuration/standalone.xml
4. Search for webreckeys.ks; it appears in this line:

<ssl>
  <keystore keystore-password="passphrase" path="./certs/webreckeys.ks" relative-to="jboss.home.dir"/>
</ssl>

5. Change passphrase to your keystore password (leave quotes)
6. Change webreckeys.ks to your keystore (leave quotes)

Configuring using a Certificate Authority (CA) keystore with VS Catalog:

1. Use the same keystore that is used with IAM
2. Edit /bin/vscatalog.vmoptions
3. Add these lines:

-Dserver.ssl.key-store=<fully qualified path to keystore>
-Dserver.ssl.key-password=<keystore password> 
-Dserver.ssl.key-store-type=JKS 
-Dserver.ssl.key-alias=<alias of the certificate>

Restart both IAM and VS Catalog.

Open a browser and go to https://<hostname>:51111 for IAM.

Open a browser and go to https://<hostname>:51110 for VS Catalog.

The browser's "Not Secure" warning is resolved because the server now presents a certificate issued by a valid CA.
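
A pre-flight check for the keystore, added here as an example (not DevTest code): it parses the text printed by `keytool -list -v -keystore <keystore>` and reports whether the alias given in -Dserver.ssl.key-alias is a private-key entry whose stored chain links from the server certificate up to the root. The sample output, alias names and function names are constructed for illustration.

```python
# Constructed, abridged sample of `keytool -list -v -keystore <keystore>` output.
SAMPLE = """\
Alias name: devtest
Entry type: PrivateKeyEntry
Owner: CN=devtest.example.com
Issuer: CN=Example Intermediate CA
Owner: CN=Example Intermediate CA
Issuer: CN=Example Root CA
Owner: CN=Example Root CA
Issuer: CN=Example Root CA
Alias name: leafonly
Entry type: PrivateKeyEntry
Owner: CN=devtest.example.com
Issuer: CN=Example Intermediate CA
Alias name: rootca
Entry type: trustedCertEntry
Owner: CN=Example Root CA
Issuer: CN=Example Root CA
"""

def parse_entries(text):
    """Map each alias to its entry type and ordered [owner, issuer] chain."""
    entries, cur = {}, {"chain": []}  # dummy entry absorbs lines before the first alias
    for line in text.splitlines():
        key, _, value = (part.strip() for part in line.partition(":"))
        if key == "Alias name":
            # JKS aliases are case-insensitive, so normalise to lower case
            cur = entries[value.lower()] = {"type": None, "chain": []}
        elif key == "Entry type":
            cur["type"] = value
        elif key == "Owner":
            cur["chain"].append([value, None])
        elif key == "Issuer" and cur["chain"]:
            cur["chain"][-1][1] = value
    return entries

def check_alias(entries, alias):
    """Return a list of problems with the alias named in -Dserver.ssl.key-alias."""
    entry = entries.get(alias.lower())
    if entry is None:
        return [f"alias {alias!r} not in keystore"]
    if entry["type"] != "PrivateKeyEntry":
        return [f"{alias!r} is {entry['type']}, not a PrivateKeyEntry"]
    chain, problems = entry["chain"], []
    if len(chain) < 2:
        problems.append("chain holds only the leaf; import the CA chain")
    for (owner, issuer), (parent, _) in zip(chain, chain[1:]):
        if issuer != parent:  # each certificate must be issued by the next one up
            problems.append(f"chain broken after {owner!r}")
    return problems
```

An empty list from check_alias means the entry carries its CA certificates, so the server can send them during the TLS handshake instead of relying on the browser to locate them.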
Additional Information:
NOTE:

Have noticed with Firefox that the certificate chain is not automatically pulled into the browser, so the root and intermediate certificates had to be manually imported into Firefox. Chrome and IE work without having to do this.