

Convert a Self-Signed Certificate to a Certification Authority SSL Certificate

A self-signed certificate prompts a browser warning when users open CA Performance Center. Users can manually dismiss the warning to continue. However, a certificate that a trusted Certification Authority has signed avoids the browser warning. The following procedure explains how to convert the self-signed certificate to a certificate that a trusted Certification Authority has signed.

Follow these steps:

  1. Change to the Jetty configuration directory using the following command:
    cd installDirectory/PerformanceCenter/jetty/etc
    
  2. Export a certificate signing request (CSR) using the following command:
    keytool -certreq -keystore keystore_file.ks -storepass storepasswd -alias alias_name -keypass keypasswd -file requestFileName.csr
    
    requestFileName.csr

    Specifies the path and file name of the exported signing request.

  3. Send the resulting file (requestFileName.csr) to a qualified signing authority, along with any other requested information.

    The Certificate Authority sends you a signed certificate (signedCert.cer). They might also provide a root Certificate Authority certificate (rootCA.cer) to authenticate the signed certificate.

  4. (Optional) Determine whether the root Certificate Authority certificate is part of the default Java trusted authorities using the following command:
    keytool -list -v -keystore installDirectory/jre/lib/security/cacerts -storepass cacertspasswd
    
  5. (Optional) Search the output for the Certificate Authority that signed your certificate. If the Certificate Authority is not listed, add it to the list of trusted authorities using the following command:
    keytool -importcert -keystore installDirectory/jre/lib/security/cacerts -storepass cacertspasswd -alias myRootCa -file rootCA.cer
    
  6. Import the signed certificate using the following command:
    keytool -importcert -trustcacerts -keystore keystore -storepass storepasswd -alias alias_name -keypass keypasswd -file signedCert.cer
    
  7. Validate the contents of the jetty keystore using the following command:
    keytool -list -keystore installDirectory/PerformanceCenter/jetty/etc/keystore
    

    The single certificate that you imported appears in the list.

  8. Restart each CA Performance Center service using these commands:
    /sbin/service caperfcenter_sso restart
    
    /sbin/service caperfcenter_devicemanager restart
    
    /sbin/service caperfcenter_console restart
    

    The Certificate Authority SSL certificate replaces your self-signed certificate in the keystore.
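
A check for step 7, as an added example that is not part of the original product documentation: it reads `keytool -list -v` output and reports whether the alias is still self-signed or now carries the CA-signed certificate. It also catches the case where the reply was imported under a different alias, which creates a separate trustedCertEntry instead of replacing the self-signed certificate. The function name `classify_alias`, the alias `wrong_alias` and the sample output (constructed and abbreviated) are assumptions, as is keytool printing English field labels.

```shell
# Added example, not vendor code: classify one alias from `keytool -list -v` output
# on stdin. Prints: ca-signed | self-signed | trusted-cert-only | missing
classify_alias() {
    awk -v want="$1" '
        /^Alias name: /       { cur = substr($0, 13); if (cur == want) found = 1; next }
        cur != want           { next }
        /^Entry type: /       { type = substr($0, 13); next }
        /^Certificate\[/      { n++; next }          # Certificate[1] is the server cert
        n == 1 && /^Owner: /  { owner = substr($0, 8); next }
        n == 1 && /^Issuer: / { issuer = substr($0, 9); next }
        END {
            if (!found)                         print "missing"
            else if (type != "PrivateKeyEntry") print "trusted-cert-only"
            else if (owner == issuer)           print "self-signed"
            else                                print "ca-signed"
        }'
}

# Constructed sample: key entry before step 6, still self-signed.
sample_before() {
    cat <<'EOF'
Alias name: alias_name
Entry type: PrivateKeyEntry
Certificate[1]:
Owner: CN=capc.example.test, O=Example
Issuer: CN=capc.example.test, O=Example
EOF
}

# Constructed sample: reply imported under alias_name, plus a stray wrong_alias entry.
sample_after() {
    cat <<'EOF'
Alias name: alias_name
Entry type: PrivateKeyEntry
Certificate[1]:
Owner: CN=capc.example.test, O=Example
Issuer: CN=Example Test Issuing CA
Certificate[2]:
Owner: CN=Example Test Issuing CA
Issuer: CN=Example Test Issuing CA
Alias name: wrong_alias
Entry type: trustedCertEntry
Owner: CN=capc.example.test, O=Example
Issuer: CN=Example Test Issuing CA
EOF
}

sample_after | classify_alias alias_name
```

Against a real keystore, pipe the output of `keytool -list -v -keystore installDirectory/PerformanceCenter/jetty/etc/keystore` into `classify_alias alias_name`.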

Next step: Configure the port and website to support HTTPS.