How to Specify That CA ControlMinder Uses a Third-Party Password-Protected Server Certificate

Implementation Guide › Installing and Customizing a UNIX Endpoint › Native Installations › Additional Considerations for Native Installations › How to Specify That CA ControlMinder Uses a Third-Party Password-Protected Server Certificate

How to Specify That CA ControlMinder Uses a Third-Party Password-Protected Server Certificate

You can use third-party password-protected server certificates to encrypt and authenticate communication between CA ControlMinder components.

To configure CA ControlMinder to use third-party password-protected server certificates, you must perform some additional steps when you use native packages to install CA ControlMinder, as follows:

When you customize the params file as part of the native package installation, specify the following parameters in the file:
- ENCRYPTION_METHOD_SET=2
- ROOT_CERT_PATH=root_cert_path
- ROOT_CERT_KEY=root_key_path
- PROVIDE_OR_GEN_CERT=2
- SUBJECT_CERT_PATH=server_cert_path
- SUBJECT_KEY_PATH=subject_key_path
After you install CA ControlMinder, do the following:
1. Store the password for the private key on the computer, as follows, where ACInstallDir is the directory in which you installed CA ControlMinder:
```
ACInstallDir/bin/sechkey -g -subpwd password
```
  -subpwd password
  
  Specifies the password for the private key of the server certificate.
2. Verify that CA ControlMinder can use the stored password to open the key:
```
ACInstallDir/bin/sechkey -g -verify
```
3. Change the value of the communication_mode configuration setting in the crypto section to one of the following:
  
  all_modes
  
  Specify this value if you want to enable both symmetric and SSL encryption. This value lets the computer communicate with all CA ControlMinder components.
  
  use_ssl
  
  Specify this value to enable SSL encryption only. This value lets the computer communicate with only the CA ControlMinder components that use SSL encryption.
4. Start CA ControlMinder.
  CA ControlMinder starts and uses the third-party password-protected server certificate to encrypt and authenticate communication.

Note: For more information about the sechkey utility, see the Reference Guide.

More information:

sechkey Utility—Configure X.509 Certificates