SDK Support for HTTPS-enabled CA Configuration Automation Server

This section describes how to configure SDK support for an HTTPS-enabled CA Configuration Automation Server.

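In general, there are two steps:

  1. Configure the CA Configuration Automation Server to use HTTPS.
  2. Import the CA Configuration Automation Server Certificate Authority into the JRE key store.

These steps are described in detail in the sections that follow.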

To configure the CA Configuration Automation Server to use HTTPS

  1. Log in to the CA Configuration Automation Server you want to use in HTTPS mode.
  2. Click the Administration link, the Configuration tab, and then the Security Certificates link.

    The Security Certificates page appears.

  3. Select Create Certificate Authority from the Table Actions drop-down list.

    The Create Certificate Authority dialog appears.

  4. Enter and confirm the three required passwords, click the Set Up HTTPS check box, and then click OK.

    The ccaca.cer file is created in the <CA Configuration Automation Server_home>\security directory, and the Security Summary area of the Security Certificates page shows that a Certificate Authority was created.

  5. Restart the CA Configuration Automation Server.

    The CA Configuration Automation Server is configured to run in HTTPS mode.

To import the CA Configuration Automation Server Certificate Authority into the JRE key store

  1. Navigate to the jre\lib\security directory of the JRE that is being used at the client, and ensure that a certificate file called cacerts exists.
  2. Copy the ccaca.cer file from <CA Configuration Automation Server_home>\security to jre\lib\security.
  3. Open a command prompt, then change directory (cd) to jre\lib\security.
  4. Run either of the following commands to import ccaca.cer into the JRE key store:
    >%JRE_HOME%\bin\keytool -import -trustcacerts -keystore cacerts -storepass changeit -noprompt -alias ccaca -file ccaca.cer
    
    >%JRE_HOME%\bin\keytool -importcert -trustcacerts -file ccaca.cer -keystore cacerts -storepass changeit -noprompt -alias ccaca
    

    If you still cannot access your CA Configuration Automation Server with the SDK client over HTTPS after importing ccaca.cer into the JRE key store with this command, perform the following step:

  5. (Optional) Do one of the following:

    Note: Do not copy and paste commands from this document. The hyphen (-) symbol may not be copied properly, which can cause the following error:

    keytool error: java.lang.RuntimeException: Usage error, ûfile is not a legal command
    

    The SDK can now be accessed using HTTPS.
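
The import procedure above as a single batch script, added here as an example and not part of the product documentation: because -noprompt skips keytool's own trust confirmation, the script shows the certificate's fingerprints for comparison first, backs up cacerts, and confirms the ccaca entry afterwards. It assumes JRE_HOME is set, ccaca.cer has already been copied to jre\lib\security, and the key store password is still changeit; the backup name cacerts.bak is illustrative.

```bat
@echo off
rem Added example: verify ccaca.cer, back up cacerts, import, then confirm.
rem Assumptions: JRE_HOME is set; ccaca.cer is already in jre\lib\security;
rem the key store password is the default "changeit".
setlocal
cd /d "%JRE_HOME%\lib\security" || exit /b 1

if not exist cacerts echo cacerts not found & exit /b 1
if not exist ccaca.cer echo ccaca.cer not found & exit /b 1

rem Print owner, issuer, validity and fingerprints. Compare them with the
rem output of the same command run against ccaca.cer on the server, because
rem an imported CA is trusted by every Java program that uses this JRE.
"%JRE_HOME%\bin\keytool" -printcert -file ccaca.cer || exit /b 1
set /p OK=Do the fingerprints match the server copy? [y/n] 
if /i not "%OK%"=="y" exit /b 1

rem Keep a copy of the trust store so the change can be rolled back.
copy /y cacerts cacerts.bak >nul || exit /b 1

rem keytool -list exits non-zero when the alias does not exist yet.
"%JRE_HOME%\bin\keytool" -list -keystore cacerts -storepass changeit -alias ccaca >nul 2>&1
if not errorlevel 1 echo Alias ccaca is already in cacerts & exit /b 0

"%JRE_HOME%\bin\keytool" -importcert -trustcacerts -file ccaca.cer -keystore cacerts -storepass changeit -noprompt -alias ccaca || exit /b 1

rem Show the stored entry; its fingerprints should equal those printed above.
"%JRE_HOME%\bin\keytool" -list -v -keystore cacerts -storepass changeit -alias ccaca
```

To roll back, copy cacerts.bak over cacerts, or run keytool -delete with the same -alias, -keystore and -storepass values.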