Administering CA Configuration Automation › Configuration Settings › Creating and Managing Security Certificates › How to Configure CA Configuration Automation for SSL Security › Create a Certificate Authority, Server Certificate, and HTTPS Certificate

Create a Certificate Authority, Server Certificate, and HTTPS Certificate

The CA Configuration Automation certificate authority is used to create certificates for CA Configuration Automation Servers and CA Configuration Automation Agents. A password protects the certificate authority, and is required when you configure the certificate authority and when a new certificate is signed.

Follow these steps:

1. Click the Administration link, the Configuration tab, and click the Security Certificates link.

   The Security Summary page opens and displays the status of the following security components:

   Certificate Authority

   Specifies whether the certificate authority has been created.

   HTTPS Support

   Specifies whether HTTPS is enabled for the CA Configuration Automation Server UI.

   Agent Security

   Specifies whether SSL security is enabled for the CA Configuration Automation Agent.

   Client Authentication

   Specifies whether client authentication is enabled for the CCA Server.

2. Select Create Certificate Authority from the Table Actions drop-down list.

   The Create Certificate Authority dialog appears.

3. On the Create Certificate Authority dialog, complete the following fields, then click OK:

   Certificate Authority Password

   Defines the password for the certificate. This password is key to your system security. Choose the password according to security best practices, and do not use the same password for other certificates such as the HTTPS certificate.

   Confirm Password

   Ensures the certificate authority password was entered correctly by requiring that it matches this value.

   Server Certificate Password

   Specifies the server certificate password.

   Confirm Password

   Ensures the server certificate password was entered correctly by requiring that it match this value.

   Set up HTTPS

   Specifies whether HTTPS is enabled for accessing the CA Configuration Automation UI. The X.509 certificate authentication requires that HTTPS is enabled.

   HTTPS Certificate Password

   Specifies the HTTPS certificate password.

   Confirm Password

   Ensures the HTTPS certificate password was entered correctly by requiring that it match this value.

   The application completes the following actions:

   • Creates the self-signed private and public certificate authority certificates
   • Creates and signs the CA Configuration Automation Server certificate
   • Sets up all the security-related directories and files
   • Creates the key and trust stores for the CA Configuration Automation Server
   • If the Set up HTTPS check box is selected, the application creates the HTTPS certificate that the application requires to complete the following actions:
     • Secure access to the CA Configuration Automation UI
     • Enable X.509 certificate authentication
   • Changes connector entries in the server.xml file as required

   The following directories contain the CA Configuration Automation certificate authority certificates, the database of issued certificates, and copies of all of the issued keys and certificates:

   • UNIX and Linux: /opt/CA/CCAServer/security
   • Windows: \Program Files\CA\CCA Server\security
4. Stop and restart the CA Configuration Automation Server.
5. (Optional) Create and enable CA Configuration Automation Agent security certificates (if the application requires it according to Secure Agents).

   Each CA Configuration Automation Agent requires that a separate certificate is issued for each server. Create CA Configuration Automation Agent security certificates using the Secure Agent option for each individual server that is selected on the Servers page.