Previous Topic: How You Configure CA ControlMinder Enterprise Management for SSL CommunicationNext Topic: Configure CA ControlMinder Enterprise Management for SSL Communication


Adding the Users Directory Certificate to the Keystore

Before you can configure CA ControlMinder Enterprise Management to use SSL communication, add the users directory certificate to the keystore.

Note: For more information about how to configure SSL for Active Directory or CA Directory, see the Active Directory and CA Directory documentation.

Example: Adding the Active Directory Certificate to the Keystore

Important! This example shows you how to configure CA ControlMinder Enterprise Management to use SSL for secure communication with Active Directory using JBoss version 4.2.3 and JDK version 1.5.0. You must obtain the Active Directory certificate in a DER, CER or CERT encoded binary format before you begin this procedure.

  1. Stop JBoss if it is running. Do one of the following steps:
  2. On the Enterprise Management Server, open a command prompt window and navigate to the following directory:
    jbossInstallDir/server/default/deploy/IdentityMinder.ear/custom/ppm/truststore
    
  3. Enter the following command:
    keytool -import -keystore ssl.keystore -alias ad -file <activedirectory.cert>
    

    A password prompt appears.

    -import

    Specifies that the utility reads the certificates and stores it in the keystore.

    -alias

    Specifies the alias to use for adding an entry to the keystore.

    -file

    Specifies the full pathname of the Active Directory certificate file.

  4. Enter the password secret.
  5. Navigate to the JBoss bin directory. By default this directory is found in:
    JbossInstallDir/bin
    
  6. Open the run.bat file and set the java_ops parameter with the trusted user store data. For example:
    set JAVA_OPTS=%JAVA_OPTS% -Xms128m -Xmx512m -Djavax.net.ssl.trustStore=C:\jboss-4.2.3.GA\server\default\deploy\IdentityMinder.ear\custom\ppm\truststore\ssl.keystore
    
  7. Save the file and start JBoss.

More information:

Configure CA ControlMinder Enterprise Management for SSL Communication