Previous Topic: How to Run ccautil on an HTTPS-enabled CA Configuration Automation ServerNext Topic: Using the CA Configuration Automation SDK

Using the Command-line InterfaceccautilHow to Run ccautil on an HTTPS-enabled CA Configuration Automation ServerImport the Certificate Authority to the JRE Key Store

Import the Certificate Authority to the JRE Key Store

After configuring the CA Configuration Automation Server to use HTTPS, you must copy the ccaca.cert file from the CA Configuration Automation Server host to the computer from which you want to run ccautil, then import it into the JRE key store.

Follow these steps:

  1. Navigate to one of the following directories on the client computer (the computer from which you want to run ccautil):

    Ensure that the cacert certificate file is in this directory.

  2. Copy the ccaca.cer file from the CA Configuration Automation Server's security directory to the ...\jre\lib\security directory on the client computer.

    If you installed the CA Configuration Automation Server in the default location, the ccaca.cer file is located in one of the following locations:

  3. Open a command prompt on the agent host computer, change (cd) to the ...jre\lib\security directory, and then run one of the following commands to import the Certificate Authority into the JRE key store: 
    %JRE_HOME%\bin\keytool -import -trustcacerts -keystore cacerts -storepass changeit -noprompt -alias acmca -file <path>\ccaca.cer

    %JRE_HOME%\bin\keytool -importcert -trustcacerts -file <path>\ccaca.cer -keystore cacerts -storepass changeit -noprompt -alias ccaca

    The keytool import command copies the file, and ccautil can be accessed using HTTPS as follows:

    ccautil -task listservers -s https://ccaservername:8080 -u username -p password.

    Notes: