If you use SSL encryption, you can create server certificates from third-party root certificates. You use these certificates to encrypt and authenticate communication between CA ControlMinder components.
You can create a password-protected server certificate; if you do, CA ControlMinder uses a specified password to protect the private key for the server certificate.
You need the following files to create a server certificate from a third-party root certificate:
To use a server certificate you generate from a third-party root certificate
Note: You cannot use password-protected certificates if CA ControlMinder is operating in FIPS-only mode.
ACInstallDir/data/crypto
Important! Do not delete the sub_cert_info file.
The default server certificate and default key for the server certificate are deleted.
Note: If you install the root certificate in a new directory, write CA ControlMinder FILE rules to protect that directory.
Note: For more information about the sechkey utility, see the Reference Guide. You must have the ADMIN attribute to use sechkey. If you are working with a third-party program that uses the CA ControlMinder SDK, append the -s option to the sechkey command.
If you do not want to create another server certificate from the root certificate, you can delete the private key for the root certificate.
SSL encryption is enabled.
Example: Use sechkey to Create a Server Certificate
This example creates a server certificate from a third-party root certificate, using the default CA ControlMinder certificate information file. The private key for the root certificate is named custom_root.key and is located in /opt/CA/AccessControl/data/crypto:
sechkey -e -sub -in "/opt/CA/AccessControl/data/crypto/sub_cert_info" -priv /opt/CA/AccessControl/data/crypto/custom_root.key
Copyright © 2013 CA Technologies.
All rights reserved.