How to Migrate SSL Keys and Certificates

For CA SiteMinder® Federation Standalone 12.52, the SSL key and certificate files for the embedded Apache and Tomcat servers are encrypted. For releases 12.0 and 12.0 SP1, these files are not encrypted. To avoid purchasing a new key/certificate pair for an encrypted file, migrate existing key or certificate files from r12.0/r12.0 SP1 to 12.52. You can also export these files for backup purposes without migrating them.

Important! For federation systems before r12.1, the embedded Tomcat server uses a self-signed certificate. You cannot use this self-signed certificate for a migration to 12.52. Purchase a signed certificate and upgrade the Tomcat SSL configuration with the signed certificate.

For Apache, you can migrate files for the SSL connections beginning at r12.0. For Tomcat, you can migrate files only from r12.1 forward because at release 12.0, a self-signed certificate secured the Tomcat key store. Beginning with r12.1, the federation system requires that a Certificate Authority signs the certificate.

Migrating SSL keys and certificate files is useful in the following situations:

Note: If you upgrade a federation 12.0 system to 12.52, the installer automatically upgrades Apache and Tomcat SSL key and certificate files to encrypted files. This automatic upgrade does not apply to migrations.

The certificate and private key files are as follows:

Apache
Tomcat

To migrate or export these files, use the CA SiteMinder® Federation Standalone SSL utility named migratessl. The migration utility is included with the product as a batch file for Windows systems and a shell script for UNIX systems. The utility is installed in the federation_install_dir/bin folder.

The process to migrate SSL files is as follows:

  1. Copy the key and certificate files from the existing r12 federation system to any location on the 12.52 federation system.
  2. Copy the migratessl tool to the location where you copied the key and certificate files.
  3. If you migrate signed certificates, export the Certificate Authority certificate that signed the SSL certificate. Before you continue with the migration, import the CA certificate.
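
A pre-migration check for the files copied in step 1, as an added example that is not part of the CA documentation or the migratessl utility: it reports whether each private key file is unencrypted and whether a certificate's issuer name equals its subject name, which indicates a self-signed certificate of the kind that cannot be migrated. It assumes the files are PEM-encoded (a Java keystore would need keytool instead), and all function names are hypothetical.

```python
import base64
import re
import sys

PEM_RE = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----(.*?)-----END \1-----", re.S)

def _tlv(buf, pos):
    """Read one DER element at pos; return (tag, value_start, value_end)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                      # long form: low 7 bits = count of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def issuer_equals_subject(der):
    """True when issuer and subject Names are byte-identical (name check only,
    the signature is not verified)."""
    _, pos, _ = _tlv(der, 0)               # Certificate SEQUENCE
    _, pos, _ = _tlv(der, pos)             # tbsCertificate SEQUENCE
    tag, _, end = _tlv(der, pos)
    if tag == 0xA0:                        # optional [0] version field
        pos = end
    names = []
    for field in ("serial", "sigalg", "issuer", "validity", "subject"):
        _, _, end = _tlv(der, pos)
        if field in ("issuer", "subject"):
            names.append(der[pos:end])
        pos = end
    return names[0] == names[1]

def classify(pem_text):
    """Return one finding string per PEM block found in pem_text."""
    findings = []
    for label, body in PEM_RE.findall(pem_text):
        if label.endswith("PRIVATE KEY"):
            # PKCS#8 marks encryption in the label, traditional OpenSSL PEM in a header
            enc = label == "ENCRYPTED PRIVATE KEY" or "Proc-Type: 4,ENCRYPTED" in body
            findings.append("key: encrypted" if enc else "key: UNENCRYPTED")
        elif label == "CERTIFICATE":
            same = issuer_equals_subject(base64.b64decode(body))
            findings.append("cert: self-issued" if same else "cert: CA-issued")
    return findings

if __name__ == "__main__":
    for path in sys.argv[1:]:              # e.g. the copied key and certificate files
        with open(path, encoding="ascii", errors="replace") as fh:
            for finding in classify(fh.read()):
                print(f"{path}: {finding}")
```

A file reported as "key: UNENCRYPTED" holds usable key material, so restrict its permissions on both systems while it is in transit and remove the working copy once the migration completes.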