Previous Topic: Modifying SQL Queries for Certain Endpoint TypesNext Topic: Register CA Identity Governance on the CA UAR Server

CA Identity Governance Configuration GuideIntegrating CA Identity Governance with Other CA ProductsCA UAR IntegrationCreate a CA UAR Security Certificate

Create a CA UAR Security Certificate

To communicate with CA UAR, create a CA UAR security certificate and update the keystore with the new certificate.

Note: The following steps are specifically for Internet Explorer 8. If you use another browser, see that browser's documentation on creating a security certificate.

Follow these steps:

  1. From the CA Identity Governance server, use Internet Explorer to log in to the CA UAR API portal. Use the following URL to access the API portal:

    https://calm_hostname:port/spin/calmapi/calmapi.csp

    A security certificate error appears.

  2. Click Continue to this website.
  3. Click Certificate Error, View certificates.

    The Certificate dialog appears and displays information about the CA UAR security certificate.

  4. Click the Details tab and select Copy to File.

    The Certificate Export Wizard appears.

  5. Export the certificate using the wizard, as follows:
    1. In the Export Format screen, select Base-64 encoded X.509 (.CER).
    2. Set the file name for the certificate to 'elm_cer.cer'.
    3. Click Finish.

    The certificate is saved on the CA Identity Governance server.

  6. Update the keystore with the certificate, as follows:
    1. Open a command prompt on the CA Identity Governance server.
    2. Navigate to the directory that contains the exported certificate.
    3. Enter the following command: 
      “%JAVA_HOME%\bin\keytool.exe” -import -file “pathname_cer” -keystore "%JAVA_HOME%\jre\lib\security\cacerts" -trustcacerts

      where pathname_cer is the pathname of the exported certificate.

      You are prompted for a password.

    4. Enter the following password, or the default cacerts password for your system:

      'changeit'

    5. At the prompt, enter y and press Enter.

    The CA UAR certificate is installed in the keystore.

  7. Verify that the new certificate appears, as follows:
    1. Enter the following command: 
      “%JAVA_HOME%\bin\keytool.exe” -list -keystore "%JAVA_HOME%\jre\lib\security\cacerts"
    2. Enter the cacerts password.

      A list of certificates appears.

    3. Verify that the new certificate appears in the list.
  8. Restart the application server hosting CA Identity Governance.