Adding the Users Directory Certificate to the Keystore

Before you can configure CA Access Control for Virtual Environments to use SSL communication, add the users directory certificate to the keystore.

Note: For more information about how to configure SSL for Active Directory or CA Directory, see the Active Directory and CA Directory documentation.

Example: Adding the Active Directory Certificate to the Keystore

Important! This example shows you how to configure CA Access Control for Virtual Environments to use SSL for secure communication with Active Directory. You must obtain the Active Directory certificate in a DER, CER, or CERT encoded binary format before you begin this procedure.

  1. On the CA Access Control Server, stop JBoss if it is running. Do the following:
  2. Navigate to the following directory, where JBOSS_HOME is the directory where JBoss is installed:
    JBOSS_HOME/server/default/deploy/IdentityMinder.ear/custom/ppm/truststore
    
  3. Enter the following command:
    keytool -import -keystore ssl.keystore -alias ad -file <activedirectory.cert>
    

    A password prompt appears.

    -import

    Specifies that the utility reads the certificate and stores it in the keystore.

    -alias

    Specifies the alias to use for adding an entry to the keystore.

    -file

    Specifies the full pathname of the Active Directory certificate file.

  4. Enter the password secret.
  5. Navigate to the JBoss bin directory. By default this directory is found in:
    JbossInstallDir/bin
    
  6. Open the run.bat file and set the JAVA_OPTS parameter to include the location of the truststore. For example:
    set JAVA_OPTS=%JAVA_OPTS% -Xms128m -Xmx512m -Djavax.net.ssl.trustStore=C:\jboss-4.2.3.GA\server\default\deploy\IdentityMinder.ear\custom\ppm\truststore\ssl.keystore
    
  7. Save the file and start JBoss.

    You have added the users store certificate to the keystore.
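
Example added here (not part of the original CA documentation): a PowerShell wrapper around step 3 that imports the certificate only if its SHA-256 fingerprint matches a value confirmed out of band and it has not expired, then checks the keystore entry and the run.bat setting. The certificate path, the expected fingerprint placeholder, the run.bat location (derived from the install directory in the example above), and keytool being on the PATH are assumptions.

```powershell
# Assumed values (not from the original page); adjust to your environment.
$CertFile = 'C:\certs\activedirectory.cer'   # hypothetical path to the exported AD certificate
$Expected = '<SHA-256 fingerprint confirmed with the directory administrator>'   # placeholder
$Keystore = 'C:\jboss-4.2.3.GA\server\default\deploy\IdentityMinder.ear\custom\ppm\truststore\ssl.keystore'
$RunBat   = 'C:\jboss-4.2.3.GA\bin\run.bat'  # assumed from the install directory used in step 6

# Load the certificate and hash its DER encoding.
$cert   = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $CertFile
$sha256 = [System.Security.Cryptography.SHA256]::Create()
$actual = ($sha256.ComputeHash($cert.RawData) | ForEach-Object { $_.ToString('X2') }) -join ':'

# Show what is about to become a trust anchor.
"Subject : $($cert.Subject)"
"Issuer  : $($cert.Issuer)"
"Expires : $($cert.NotAfter)"
"SHA-256 : $actual"

# Stop before the import if the file is not the certificate you expected.
if ($actual -ne ($Expected -replace '\s', '').ToUpper()) {
    throw 'Fingerprint mismatch: certificate not imported.'
}
if ($cert.NotAfter -lt (Get-Date)) {
    throw 'Certificate has expired: certificate not imported.'
}

# Same import command as step 3; keytool prompts for the keystore password.
& keytool -import -keystore $Keystore -alias ad -file $CertFile
if ($LASTEXITCODE -ne 0) { throw 'keytool import failed.' }

# Confirm that the entry now exists under the alias "ad".
& keytool -list -v -keystore $Keystore -alias ad

# Confirm that run.bat passes the truststore location to the JVM (step 6).
Select-String -Path $RunBat -Pattern 'javax\.net\.ssl\.trustStore='
```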