

Use Third-Party Root and Server Certificates

If you use SSL encryption, you can use third-party root and server certificates to encrypt and authenticate communication between CA ControlMinder components.

You need the following files to use third-party root and server certificates:

Note: Because the server certificates are already created, you do not need the private key for the root certificate.

To use third-party root and server certificates

  1. Verify that CA ControlMinder services are stopped and that SSL is enabled.
  2. Replace the root certificate. Do one of the following:
  3. Replace the server certificate. Do one of the following:
  4. Replace the server key. Do one of the following:
  5. If you use OU password-protected certificates, do the following:
    a. Verify that the value of the fips_only configuration setting in the crypto section is 0.

      Note: You cannot use password-protected certificates if CA ControlMinder is operating in FIPS-only mode.

    b. Store the password for the server certificate private key on the computer as follows:

      sechkey -g -subpwd private_key_password

      Note: You must have the ADMIN attribute to use sechkey.

    c. Verify that CA ControlMinder can use the stored password to open the private key:

      sechkey -g -verify

      If CA ControlMinder cannot open the key, repeat Step b and specify the correct password.

    Note: For more information about the sechkey utility, see the Reference Guide.

  6. Start CA ControlMinder:

    SSL encryption is enabled.
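
A pre-flight check for step 5, added here as an example and not part of the CA ControlMinder documentation or product: it detects whether a server key is password-protected and, if so, confirms that fips_only in the crypto section is 0 before you run sechkey. It assumes a PEM-format key and an INI-style configuration file; the function names, file names and sample contents are constructed for illustration.

```shell
#!/bin/sh
# Added example, not product code. Assumptions: the server key is a PEM file and
# the settings live in an INI-style file with a [crypto] section.

# Succeeds if the PEM private key is password-protected.
key_is_encrypted() {
    # PKCS#8 uses its own header; traditional OpenSSL keys add a Proc-Type line.
    grep -Eq -e '^-----BEGIN ENCRYPTED PRIVATE KEY-----' -e '^Proc-Type: 4,ENCRYPTED' "$1"
}

# Prints the fips_only value from the [crypto] section (nothing if absent).
fips_only_value() {
    awk '
        /^[ \t]*\[/ { in_crypto = ($0 ~ /^[ \t]*\[crypto\][ \t\r]*$/); next }
        in_crypto && /^[ \t]*fips_only[ \t]*=/ {
            sub(/^[^=]*=[ \t]*/, "")          # drop the setting name and "="
            sub(/[ \t\r]*([;#].*)?$/, "")     # drop trailing space and comments
            print; exit
        }' "$1"
}

# usage: preflight KEY_FILE CONFIG_FILE; returns 1 when step 5 cannot succeed.
preflight() {
    if ! key_is_encrypted "$1"; then
        echo "key is not password-protected: step 5 does not apply"
        return 0
    fi
    fips=$(fips_only_value "$2")
    if [ "$fips" = "0" ]; then
        echo "fips_only=0: run sechkey -g -subpwd, then sechkey -g -verify"
        return 0
    fi
    # A missing value is treated as a failure: the step requires a verified 0.
    echo "password-protected key but fips_only='${fips:-unset}': fix before sechkey" >&2
    return 1
}

# Constructed sample input (placeholder key body, hypothetical file names).
demo=$(mktemp -d)
printf '%s\n' '-----BEGIN ENCRYPTED PRIVATE KEY-----' 'PLACEHOLDER' \
    '-----END ENCRYPTED PRIVATE KEY-----' > "$demo/server.key"
printf '%s\n' '[other]' 'fips_only = 0' '[crypto]' 'fips_only = 1 ; FIPS-only mode' \
    > "$demo/sample.ini"
preflight "$demo/server.key" "$demo/sample.ini" || echo "blocked, as expected for this sample"
```

The check only reads file headers and the configuration value; sechkey -g -verify remains the test that the stored password actually opens the key.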

More information:

sechkey Utility—Configure X.509 Certificates

crypto
