

Issue the Client Certificate for the JCS
This procedure is for the administrator of CA Identity Manager.
Now that you have imported the Arcot certificate into the JCS keystore, you can create a keypair and certificate request, and then create the certificate. When you submit this certificate request to a certificate authority (CA), the CA generates the certificate required by JCS.
Follow these steps:
- Use the keytool utility to generate an RSA keypair in the JCS keystore, using the alias jcs_keypair for the key entry. Enter one of the following commands:
Windows:
..\jvm\bin\keytool -genkeypair -alias jcs_keypair -keystore ssl.keystore -storepass password -validity 3650 -keyalg RSA -keysize 2048
Linux or Solaris:
../jvm/bin/keytool -genkeypair -alias jcs_keypair -keystore ssl.keystore -storepass password -validity 3650 -keyalg RSA -keysize 2048
- Use the keytool utility to generate a certificate request for JCS, using the RSA key pair that you generated in Step 1. Enter one of the following commands:
Windows:
..\jvm\bin\keytool -certreq -alias jcs_keypair -keystore ssl.keystore -storepass password -keyalg RSA -file jcs_arcot.csr
Linux or Solaris:
../jvm/bin/keytool -certreq -alias jcs_keypair -keystore ssl.keystore -storepass password -keyalg RSA -file jcs_arcot.csr
The keytool utility stores the certificate request in the file jcs_arcot.csr.
Important! The following steps describe how to use the Windows 2003 certificate authority. If you use a different CA, adapt these steps.
- Log in to the Microsoft Certificate Services web interface at http://your_ca.domain/certsrv.
- Submit the certificate request:
- Select Request a Certificate, Advanced Certificate Request.
- Select Submit a certificate request by using a base-64-encoded CMC or PKCS #10 file. Alternatively, submit a renewal request by using a base-64-encoded PKCS #7 file.
- Browse for the jcs_arcot.csr generated in the previous procedure, and click Submit.
- Create the certificate:
- Click Start, Programs, Administrative Tools, Certification Authority.
- Expand the CA server tree and then click Pending Requests.
The request you submitted is listed on the right.
- Right-click the certificate request and select All tasks, Issue.
- Select Issued Certificates on the left and right-click the certificate you issued in the previous step, and click Open.
- Click the Details tab and then click Copy to File.
- Click Next in the Certificate Export wizard.
- When prompted to select the file format, select Cryptographic Message Syntax Standard – PKCS #7 Certificates (.P7B).
- Select the Include all certificates in the certification path if possible check box.
- Name the file jcs_ca_cert.p7b.
The certificate is now ready to be installed in the JCS keystore.
Install the Certificate for the JCS
This procedure is for the administrator of CA Identity Manager.
After you have created the certificate required by the JCS, move it to the computer running the JCS and install the certificate.
Follow these steps:
- Find the .p7b file that you created in Step 5 of Issue the Client Certificate for the JCS.
- Move the .p7b file to the following folder on the computer that has the JCS installed:
jcs_install\bin
- Use the keytool utility to import the new certificate into the JCS, using one of the following commands.
Windows:
..\jvm\bin\keytool -importcert -alias jcs_keypair -keystore ssl.keystore -storepass password -file jcs_ca_cert.p7b
Linux or Solaris:
../jvm/bin/keytool -importcert -alias jcs_keypair -keystore ssl.keystore -storepass password -file jcs_ca_cert.p7b
Note: These commands use the alias jcs_keypair, which is the alias you used to generate the keypair in Step 1 of Issue the Client Certificate for the JCS.
- Restart the JCS.
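To confirm that the import replaced the self-signed certificate created by -genkeypair with the CA-issued chain, you can inspect the jcs_keypair entry as keytool lists it. The following script is an added example, not part of the CA documentation; the function names and the sample distinguished names are constructed, and it assumes keytool's English-locale `-list -v` output.

```shell
#!/bin/sh
# Added example, not vendor code. Assumes keytool's English-locale -list -v layout.

# Reads `keytool -list -v -alias jcs_keypair -keystore ssl.keystore` output on stdin.
# Returns 0 = CA-signed with chain, 1 = wrong entry type or still self-signed,
# 2 = CA-signed but the issuing CA is missing from the stored chain.
check_jcs_entry() {
    awk '
        /^Entry type:/               { type = $3 }
        /^Certificate chain length:/ { len = $4 + 0 }
        /^Certificate\[/             { idx++ }
        idx == 1 && /^Owner:/        { owner = substr($0, 8) }
        idx == 1 && /^Issuer:/       { issuer = substr($0, 9) }
        END {
            if (type != "PrivateKeyEntry") { print "FAIL: alias is not a private key entry"; exit 1 }
            if (owner == issuer)           { print "FAIL: certificate is still self-signed"; exit 1 }
            if (len < 2)                   { print "WARN: issued by " issuer ", but chain length is " len; exit 2 }
            print "OK: issued by " issuer ", chain length " len
        }'
}

# Constructed sample: the entry right after -genkeypair (self-signed placeholder).
sample_before_import() {
    cat <<'EOF'
Alias name: jcs_keypair
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=jcs.example.com, OU=IdM, O=Example
Issuer: CN=jcs.example.com, OU=IdM, O=Example
EOF
}

# Constructed sample: the same entry after -importcert of the .p7b reply.
sample_after_import() {
    cat <<'EOF'
Alias name: jcs_keypair
Entry type: PrivateKeyEntry
Certificate chain length: 2
Certificate[1]:
Owner: CN=jcs.example.com, OU=IdM, O=Example
Issuer: CN=Example Issuing CA, O=Example
Certificate[2]:
Owner: CN=Example Issuing CA, O=Example
Issuer: CN=Example Issuing CA, O=Example
EOF
}

sample_before_import | check_jcs_entry || true   # FAIL: still self-signed
sample_after_import | check_jcs_entry            # OK: CA-signed, chain length 2
```

On a live system, pipe the real listing into the function: `../jvm/bin/keytool -list -v -alias jcs_keypair -keystore ssl.keystore | check_jcs_entry`. With -storepass omitted, keytool prompts for the keystore password instead of taking it from the command line.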
Copyright © 2013 CA.
All rights reserved.
 