When configuring TLS/SSL on CAPC, there are two main areas where people run into difficulty:
1) Configuration changes to the necessary files/sso settings
2) Problems with certificates (incorrect files, not all the correct files, etc.)
CA Performance Center, all versions
It can help to first get up and running on self signed certificates.
This way we can tell that the certificates are OK, and any problems point to a configuration issue.
When configuring CAPC to use self signed certificates:
1) Use the same keystore/private key passwords you would use when converting the self signed certificate to signed
or installing a provided key/certificate.
2) After getting up and running on the self signed certificates:
a) Back up the /opt/CA/PerformanceCenter/jetty/etc/keystore file
b) Back up the /opt/CA/jre/lib/security/cacerts file.
If issue occur when changing to the signed certificates, if you have not changed any of the files that contain the
keystore/private key passwords all you would need to do is restore these files and restart the CAPC services to
Then after confirming that CAPC is running on Self Signed certificates, then convert the self signed certificate to signed
or install a provided key/certificate.
After installing the new certificates, restart he CAPC services.