|
|
|
After you complete a certificate request, the SSL Configuration Status field reads Server cert requested, not signed, indicating that the certificate request is waiting to be signed. Federation Manager accepts a base-64 encoded PEM certificate or a full PKCS #7 certificate/chain response.
After you receive the signed certificate from the CA, the certificate must be uploaded to the storage location.
Note: You can click Help for a description of fields, controls, and their respective requirements.
To upload the signed server certificate
Note: Only one key and certificate pair is needed for the SSL features because SSL does not support more than one pair.
If the CA certificate is not in the key store, import a copy of the CA certificate used to sign the SSL certificate request. Import the certificate by clicking Import and completing the import steps.
A confirmation message is displayed and the SSL Configuration changes to reflect that the certificate is now updated.
Use the Federation Manager stop and start shortcuts as follows:
a. Open a command window.
b. Run the following scripts:
federation_mgr_home/fedmanager.sh stop
federation_mgr_home/fedmanager.sh start
When you run the fedmanager.sh script, it sources the Federation Manager environment script, ca_federation_env.ksh.
Note: Do not stop and start the services as the root user. You must be a non-root user.
After the server certificate is uploaded to the system, Federation Manager updates the certificate and activates SSL. Assuming that the certificate upload was successful, the SSL Configuration Status reads SSL Active. The button in the configuration group box changes to Deactivate.
The UI also indicates whether the uploaded certificate is FIPS-approved or not.
| Copyright © 2010 CA. All rights reserved. | Email CA about this topic |