Previous Topic: Convert a Self-Signed Certificate to a Certification Authority SSL CertificateNext Topic: Configure the Port and Website for HTTPS

Using HTTPS with Single Sign-OnHow to Set Up HTTPS for CA Single Sign-OnSet Up SSL CertificatesImport an Existing SSL Certificate

Import an Existing SSL Certificate

You can use a private key and public certificate (either a self-signed or a Certificate Authority certificate) from a different source. For example, your security team provides an SSL certificate that is customized for your organization. To use this SSL certificate, import the private key and the signed certificate.

Follow these steps:

  1. Run the following command: 
    cd /opt/CA/PerformanceCenter/jetty-version/etc
  2. Remove the old keystore using the command: 
    rm keystore
  3. Create a PKCS#12 keystore from the private key and certificate using the command: 
    openssl pkcs12 -export -in certificate.pem -inkey privatekey.pem -name capc -out keystore.pkcs12
    certificate.pem

    Specifies the certificate provided to you.

    privatekey.pem

    Specifies the private key provided to you.

    Note: This command works on Linux only.

  4. Import the key and certificate into the CA Performance Center keystore using the command: 
    keytool -importkeystore -destkeystore keystore -deststorepass storepasswd -srckeystore keystore.pkcs12 -srcstoretype pkcs12 -srcalias capc -destalias capc -destkeypass keypasswd
  5. Restart each CA Performance Center service using these commands: 
    /sbin/service caperfcenter_sso restart

    /sbin/service caperfcenter_devicemanager restart

    /sbin/service caperfcenter_console restart

    Your existing SSL certificate is imported into the keystore.

Next step: Configure the port and website to support HTTPS.