How to Specify That CA Access Control Uses a Password-Protected Root Certificate

When you install CA Access Control, you can configure it to use a third-party password-protected root certificate.

After you install CA Access Control, you use the root certificate to create CA Access Control server certificates. The server certificates encrypt and authenticate communication between CA Access Control components.

To configure CA Access Control to use a third-party password-protected root certificate, you must perform some additional steps when you use native packages to install CA Access Control, as follows:

  1. When you customize the params file as part of the native package installation, specify the following parameters in the file:
  2. After you install CA Access Control, do the following:
    1. Create a CA Access Control server certificate from the root certificate, as follows, where ACInstallDir is the directory in which you installed CA Access Control:
      ACInstallDir/bin/sechkey -e -sub -in /opt/CA/AccessControl/crypto/sub_cert_info -priv root_key_path -capwd password [-subpwd password]
      
      -priv root_key_path

      Specifies the file that holds the private key for the root certificate.

      -capwd password

      Specifies the password for the private key of the root certificate.

      -subpwd password

      Specifies the password for the private key of the server certificate.

    2. If you specified a password for the server key, verify that CA Access Control can use the stored password to open the key:
      ACInstallDir/bin/sechkey -g -verify
      
    3. Change the value of the communication_mode configuration setting in the crypto section to one of the following:
      all_modes

      Specify this value if you want to enable both symmetric and SSL encryption. This value lets the computer communicate with all CA Access Control components.

      use_ssl

      Specify this value to enable SSL encryption only. This value lets the computer communicate with only the CA Access Control components that use SSL encryption.

    4. Start CA Access Control.

      CA Access Control starts and uses the CA Access Control server certificate to encrypt and authenticate communication.

Note: For more information about the sechkey utility, see the Reference Guide.

More information:

sechkey Utility—Configure X.509 Certificates