Connector Guides › Connectors Guide › Configuring CA IAM CS › Customize the Configuration for CA IAM CS › Set the TLS Store Certificate Password

Set the TLS Store Certificate Password

CA IAM CS uses two certificates: one for each of the following roles:

• CA IAM CS as a server—When LDAP and client requests a TLS-secured connection, CA IAM CS acts as an LDAP server. CA IAM CS uses a certificate to secure this communication.
• CA IAM CS as a client—When CA IAM CS requests a secure connection with an endpoint, CA IAM CS acts as a client. It uses a different certificate to secure this communication.

When you install CA IAM CS these certificates each have a temporary password. We recommend that you update these passwords.

By default, these certificates are stored in the same keystore. However you can store them in separate keystores if you prefer.

Follow these steps:

1. Stop CA IAM CS.
2. Open a command prompt, then change to the following directory:

   cs_home/jcs/tools/ldaps_password
   

3. Use the following command to update the password of the keystore for the server:

   ldaps_password new-password
   

   This command updates the encrypted commonConfiguration.keystorePassword value in server_shared.properties.

4. Use the following command to update the password of the keystore for the client:

   ldaps_password new-password connectorManager.connectorClientCertStorePassword ../conf/override/server_jcs.properties
   

   This command updates the encrypted connectorManager.connectorClientCertStorePassword value in server_jcs.properties.

   Note: The password for the keystore is the password that you set during CA IAM CS installation.

5. Restart CA IAM CS.

Note: Alternatively, you can manage the keystore using the keytool utility included in the Java Runtime Environment. This lets you install your own certificate instead of the default Provisioning Server certificate that the installer configures.