Configure the Components › Configure CA Process Automation with Active Directory Server › Add an SSL Certificate to CA Process Automation

Add an SSL Certificate to CA Process Automation

Follow these steps:

1. Do one of the following to retrieve the certificate file from the Active Directory server.

   For the instance to establish an SSL connection between CA Process Automation and an Active Directory server, retrieve the certificate.

   • Log in to http://i.p./certsrv and download the certificate.

     i.p.

     Defines the IP address of the Active Directory server.

   • Log in to the Active Directory server and import the certificate directly.
2. Copy the certificate file to the computer where the CA Process Automation LDAP module is running.
3. Import the certificate using the following keytool command:

   keytool -import -alias PAM -file certnew.cer -keystore "C:\\Program Files\\Java\\ jdk1.7.0_51\\jre\\lib\\security\\cacerts"
   

   Where certnew.cer is the path to the certificate file retrieved in step 1.

   C:\\Program Files\\Java\\ jdk1.7.0_51\\jre\\lib\\security\\cacerts is the path to the cacerts file within the Java JRE or JDK.

   Note: Update the JDK path depending on the JDK version you install. For example, use jdk1.7.0_51 in the path if you installed JDK version 1.7.0_51.

   • The keytool program is part of the Java installation.
   • The Keytool prompts for a password. The password is changeit by default.
   • The Keytool prompts whether to 'Trust this certificate?[no]'. Enter yes.
4. Add the following lines in the CA Process Automation file:

   PAM\server\c2o\bin\c2osvcw.conf
   

   (or in the case of an upgrade): I

   PAM_DIR%\server\c2o\bin\c2osvcw.conf:
   

   wrapper.java.additional.11=-Djavax.net.ssl.trustStore="C:\\Program Files\\Java\\ jdk1.7.0_51\\jre\\lib\\security\\cacerts"
   wrapper.java.additional.12=-Djavax.net.ssl.trustStorePassword="changeit"
   

   The numbers could be different for you. Start with the next available number. If wrapper.java.additional.11 is already defined, use 12 and 13.

   The program folder is different for your JDK installation.

   The password is changeit.

5. Restart the CA Process Automation Server.

Set Up the Active Directory Server

To establish an SSL connection between the CA Process Automation-LDAP Module and an Active Directory server, verify that the Active Directory server is set up:

1. The Certificate Services are installed on your Active Directory server (consult your Active Directory administrator for this task).
2. The Automatic Certificate Request is configured for Domain Controllers (consult your Active Directory administrator for this task).

Note: You cannot create or modify an existing user account password in Active Directory unless CA Process Automation is connected to the Active Directory server through the SSL.