How to Specify That CA Access Control Uses a Third-Party Password-Protected Server Certificate

You can use third-party password-protected server certificates to encrypt and authenticate communication between CA Access Control components.

To configure CA Access Control to use third-party password-protected server certificates, you must perform some additional steps when you use native packages to install CA Access Control, as follows:

  1. When you customize the params file as part of the native package installation, specify the following parameters in the file:
  2. After you install CA Access Control, do the following:
    1. Store the password for the private key on the computer, as follows, where ACInstallDir is the directory in which you installed CA Access Control:
      ACInstallDir/bin/sechkey -g -subpwd password
      
      -subpwd password

      Specifies the password for the private key of the server certificate.

    2. Verify that CA Access Control can use the stored password to open the key:
      ACInstallDir/bin/sechkey -g -verify
      
    3. Change the value of the communication_mode configuration setting in the crypto section to one of the following:
      all_modes

      Specify this value if you want to enable both symmetric and SSL encryption. This value lets the computer communicate with all CA Access Control components.

      use_ssl

      Specify this value to enable SSL encryption only. This value lets the computer communicate with only the CA Access Control components that use SSL encryption.

    4. Start CA Access Control.

      CA Access Control starts and uses the third-party password-protected server certificate to encrypt and authenticate communication.

Note: For more information about the sechkey utility, see the Reference Guide.
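
A pre-check you can run before storing the password in step 2.1, as an added example that is not part of the CA Access Control documentation: it reports whether a private key file is actually password-protected. It assumes the third-party key is PEM-encoded; the function name key_protection and the file path you pass to it are hypothetical.

```shell
#!/bin/sh
# Added example: classify a PEM private key as password-protected or not.
# Assumption: the third-party key is PEM-encoded (not stated on this page).

key_protection() {
    keyfile=$1
    [ -r "$keyfile" ] || { echo "unreadable"; return 2; }

    # PKCS#8 encrypted keys carry their own PEM label.
    if grep -q '^-----BEGIN ENCRYPTED PRIVATE KEY-----' "$keyfile"; then
        echo "encrypted-pkcs8"; return 0
    fi
    # Traditional OpenSSL keys mark encryption with a Proc-Type header
    # that follows the BEGIN line.
    if grep -Eq '^-----BEGIN (RSA|EC|DSA) PRIVATE KEY-----' "$keyfile"; then
        if grep -q '^Proc-Type: 4,ENCRYPTED' "$keyfile"; then
            echo "encrypted-traditional"; return 0
        fi
        echo "unencrypted"; return 1
    fi
    # Plain PKCS#8 label means the key is stored without a password.
    if grep -q '^-----BEGIN PRIVATE KEY-----' "$keyfile"; then
        echo "unencrypted"; return 1
    fi
    echo "no-private-key"; return 2
}

if [ $# -gt 0 ]; then
    key_protection "$1"
else
    # Constructed sample (header lines only, not a real key).
    sample=$(mktemp)
    printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'Proc-Type: 4,ENCRYPTED' \
        'DEK-Info: AES-256-CBC,00000000000000000000000000000000' '' \
        'Q09OU1RSVUNURUQ=' '-----END RSA PRIVATE KEY-----' > "$sample"
    key_protection "$sample"
    rm -f "$sample"
fi
```

The function exits 0 only when the key is encrypted, so it can gate a deployment script before the sechkey commands above are run.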

More information:

sechkey Utility—Configure X.509 Certificates