The CA Identity Manager ships with OOTB certificate(s) set to expire in 2017.

Document ID : KB000015517
Last Modified Date : 14/02/2018
Show Technical Document Details
Introduction:

The default certificates are set to expire in 2017 and an IM 12.6.x bulletin was released "CA - PROACTIVE NOTIFICATION - IDMGR - ADVISORY - AIDMGR-100477" which provided instructions to follow to replace the expiring certificates for product versions of IM 12.6 SP1-SP8 but does not mention IM 12.5.x release which has already reached End Of Support.

Question:

Is IM 12.5 releases impacted and if so what steps should be taken?

Answer:

Yes IM 12.5 releases are impacted as well and so the same documentation should be reviewed and followed that is found in the following link for IM 12.6.x but when it comes to updating jiam.jar you will follow "Use Case 2" instructions which are for IM 12.6 SP1 to SP3 but also can be used for IM 12.5.x release.

https://docops.ca.com/ca-identity-manager/12-6-8/EN/upgrading/upgrade-provisioning-components/update-your-provisioning-certificates

Use Case 2: For releases 12.6 SP1 to 12.6 SP3, perform the following steps:

Note:
 Ensure that %JAVA_HOME%\bin directory is set in the Path environment variable. 

  • In the downloaded certificate zip file, navigate to 12-6-SP1-12-6-SP3 folder and copy admincacert.jks to a temp location.
  • Run the following command to add the certificate to the jiam.jar file:

    Jar uf <location_of_jiam.jar> <location_of_adminacert.jks>

    Example: 

    jar uf jiam.jar admincacert.jks
  • Copy the updated jiam.jar file from the downloaded certificate zip file to the following locations:

    • CA Identity Manager Tools location
      <IAM_Installation_location>\IAM Suite\Identity Manager\tools\lib

    • Application Server: 
      • JBoss/WebSphere: <EAR_HOME>\library
      • WebLogic: <EAR_HOME>\APP-INF\lib
    • Connector Xpress:
      <IAM_Installation_location>\Connector Xpress\lib