Add an SSL Certificate to CA Process Automation

Directory Services › Add an SSL Certificate to CA Process Automation

Add an SSL Certificate to CA Process Automation

To add an SSL certificate to CA Process Automation

Retrieve the certificate file from the Active Directory server.
For instance, to establish an SSL connection between CA Process Automation and an Active Directory server, retrieve the certificate. Log in to the http://i.p./certsrv where i.p. is the IP address of the Active Directory server, then download the certificate.
Copy the certificate file to the computer where the CA Process Automation Directory Services operators are running.
Import the certificate using the keytool command:
```
keytool -import -alias PAM -file certnew.cer -keystore "C:\\Program Files\\Java\\jdk1.6.0_03\\jre\\lib\\security\\cacerts"
```
Where certnew.cer is the path to the certificate file retrieved in step 1.

"C:\\Program Files\\Java\\jdk1.6.0_03\\jre\\lib\\security\\cacerts" is the path to the cacerts file within the Java JRE or JDK.
- The keytool program is part of the Java installation.
- Keytool prompts for a password. The password is 'changeit' by default.
- Keytool prompts whether to 'Trust this certificate?[no]'. Enter yes.
Add the following lines in the CA Process Automation file:
```
PAM\server\c2o\bin\c2osvcw.conf
```
(or in the case of an upgrade): I
```
PAM_DIR%\server\c2o\bin\c2osvcw.conf:
```
```
wrapper.java.additional.11=-Djavax.net.ssl.trustStore="C:\Program Files\Java\jdk1.6.0_03\jre\lib\security\cacerts"
wrapper.java.additional.12=-Djavax.net.ssl.trustStorePassword="changeit"
```
The numbers might be different for you. Start with the next available number. If wrapper.java.additional.11 is already defined, use 12 and 13.

The program folder is different for your JDK installation.

The password is "changeit".
Restart the CA Process Automation Touchpoint that contains the Directory Services operators.

Set Up the Active Directory Server

To establish an SSL connection between the CA Process Automation-Directory Services operators and an Active Directory server, verify that the Active Directory server is set up:

The Certificate Services are installed on your Active Directory server (consult your Active Directory admin for this task).
The Automatic Certificate Request is configured for Domain Controllers (consult your Active Directory admin for this task).

Note: When you create a new user account or modify the password of an existing user account in Active Directory, the Active Directory does not allow you to create or modify a user password unless CA Process Automation is connected to the Active Directory server through SSL.