

How to Specify That CA ControlMinder Uses a Third-Party Password-Protected Server Certificate

You can use third-party password-protected server certificates to encrypt and authenticate communication between CA ControlMinder components.

To configure CA ControlMinder to use third-party password-protected server certificates, you must perform some additional steps when you use native packages to install CA ControlMinder, as follows:

  1. When you customize the params file as part of the native package installation, specify the following parameters in the file:
  2. After you install CA ControlMinder, do the following:
    1. Store the password for the private key on the computer, as follows, where ACInstallDir is the directory in which you installed CA ControlMinder:
      ACInstallDir/bin/sechkey -g -subpwd password
      
      -subpwd password

      Specifies the password for the private key of the server certificate.

    2. Verify that CA ControlMinder can use the stored password to open the key:
      ACInstallDir/bin/sechkey -g -verify
      
    3. Change the value of the communication_mode configuration setting in the crypto section to one of the following:
      all_modes

      Specify this value if you want to enable both symmetric and SSL encryption. This value lets the computer communicate with all CA ControlMinder components.

      use_ssl

      Specify this value to enable SSL encryption only. This value lets the computer communicate with only the CA ControlMinder components that use SSL encryption.

    4. Start CA ControlMinder.

      CA ControlMinder starts and uses the third-party password-protected server certificate to encrypt and authenticate communication.

Note: For more information about the sechkey utility, see the Reference Guide.
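The following wrapper for steps 2.1 and 2.2 is an added example, not part of the CA ControlMinder documentation or product. It reads the private key password from standard input (without echo on a terminal) so that it is not typed into shell history, then runs the two sechkey commands shown above and stops if verification fails. The function name store_key_password and its return codes are assumptions; the password is still passed to sechkey as an argument, because that is the only syntax this page gives.

```shell
#!/bin/sh
# Added example (hypothetical helper, not shipped with the product).
# Usage: store_key_password ACInstallDir   (password is read from stdin)
store_key_password() {
    ac_dir=$1
    sechkey="$ac_dir/bin/sechkey"
    if [ ! -x "$sechkey" ]; then
        echo "sechkey not found or not executable: $sechkey" >&2
        return 2
    fi
    # Read the password without echo when stdin is a terminal, so it is
    # neither displayed nor recorded in shell history.
    if [ -t 0 ]; then
        printf 'Private key password: ' >&2
        stty -echo
        IFS= read -r key_pw || true
        stty echo
        printf '\n' >&2
    else
        IFS= read -r key_pw || true
    fi
    if [ -z "$key_pw" ]; then
        echo "empty password, nothing stored" >&2
        return 3
    fi
    # Step 2.1: store the password for the private key.
    if ! "$sechkey" -g -subpwd "$key_pw"; then
        unset key_pw
        echo "sechkey could not store the password" >&2
        return 4
    fi
    unset key_pw
    # Step 2.2: verify that the stored password opens the key.
    if ! "$sechkey" -g -verify; then
        echo "verification failed: fix the password before starting CA ControlMinder" >&2
        return 5
    fi
    return 0
}
```

A non-zero return code means the procedure should not continue to the communication_mode change and startup steps.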

More information:

sechkey Utility—Configure X.509 Certificates