How to Specify That CA ControlMinder Uses a Third-Party Password-Protected Server Certificate
You can use third-party password-protected server certificates to encrypt and authenticate communication between CA ControlMinder components.
To configure CA ControlMinder to use third-party password-protected server certificates, you must perform some additional steps when you use native packages to install CA ControlMinder, as follows:
- When you customize the params file as part of the native package installation, specify the following parameters in the file:
  - ENCRYPTION_METHOD_SET=2
  - ROOT_CERT_PATH=root_cert_path
  - ROOT_CERT_KEY=root_key_path
  - PROVIDE_OR_GEN_CERT=2
  - SUBJECT_CERT_PATH=server_cert_path
  - SUBJECT_KEY_PATH=subject_key_path
- After you install CA ControlMinder, do the following:
  - Store the password for the private key on the computer, as follows, where ACInstallDir is the directory in which you installed CA ControlMinder:

        ACInstallDir/bin/sechkey -g -subpwd password

    - -subpwd password: Specifies the password for the private key of the server certificate.
  - Verify that CA ControlMinder can use the stored password to open the key:

        ACInstallDir/bin/sechkey -g -verify

  - Change the value of the communication_mode configuration setting in the crypto section to one of the following:
    - all_modes: Specify this value if you want to enable both symmetric and SSL encryption. This value lets the computer communicate with all CA ControlMinder components.
    - use_ssl: Specify this value to enable SSL encryption only. This value lets the computer communicate with only the CA ControlMinder components that use SSL encryption.
  - Start CA ControlMinder.
CA ControlMinder starts and uses the third-party password-protected server certificate to encrypt and authenticate communication.
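
A pre-installation check for the params file and server key named in the steps above, as an added example that is not part of the CA documentation. It assumes the params file holds plain KEY=value lines and that the server key is PEM-encoded; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: checks a native-package params file before installation.
# Assumptions: KEY=value lines in the params file, PEM-encoded private key.

# Print the value of parameter $2 from params file $1 (last assignment wins).
param() {
    sed -n "s/^[[:space:]]*$2=//p" "$1" | tail -n 1 | tr -d "\"'\r"
}

# Return 0 when the PEM key in $1 is encrypted (PKCS#8 or traditional format).
key_is_encrypted() {
    grep -Eq -e '-----BEGIN ENCRYPTED PRIVATE KEY-----|^Proc-Type: 4,ENCRYPTED' "$1"
}

# Return 0 when file $1 grants no access to group or others.
key_is_private() {
    [ "$(ls -lLd "$1" | cut -c5-10)" = "------" ]
}

# Check params file $1; print one line per problem, return the problem count.
check_params() {
    f=$1; bad=0
    # Fixed values the procedure requires.
    for pair in ENCRYPTION_METHOD_SET=2 PROVIDE_OR_GEN_CERT=2; do
        name=${pair%%=*}; want=${pair#*=}; got=$(param "$f" "$name")
        if [ "$got" != "$want" ]; then
            echo "$name is '$got', expected '$want'"; bad=$((bad + 1))
        fi
    done
    # Every path parameter must point at a readable file.
    for name in ROOT_CERT_PATH ROOT_CERT_KEY SUBJECT_CERT_PATH SUBJECT_KEY_PATH; do
        path=$(param "$f" "$name")
        if [ -z "$path" ] || [ ! -r "$path" ]; then
            echo "$name: '$path' is missing or unreadable"; bad=$((bad + 1))
        fi
    done
    # The server key must be password-protected and closed to other users.
    key=$(param "$f" SUBJECT_KEY_PATH)
    if [ -r "$key" ]; then
        key_is_encrypted "$key" || { echo "subject key is not password-protected"; bad=$((bad + 1)); }
        key_is_private "$key" || { echo "subject key is accessible to group or others"; bad=$((bad + 1)); }
    fi
    return "$bad"
}

# Usage: sh check_params.sh /path/to/params
if [ "$#" -gt 0 ]; then check_params "$1"; fi
```

An unencrypted key at SUBJECT_KEY_PATH means that the password stored with sechkey -g -subpwd protects nothing, so a nonzero result here is worth resolving before installation.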
Note: For more information about the sechkey utility, see the Reference Guide.
More information:
sechkey Utility—Configure X.509 Certificates
Copyright © 2013 CA Technologies.
All rights reserved.