Agent Guides › SAML Affiliate Agent Guide › Add Certificate Authorities to the Affiliate Key Store › Modify the AM.keystore Database › Import Root Certificate Authorities for Basic over SSL Authentication

Import Root Certificate Authorities for Basic over SSL Authentication

Do one of the following:

• If you select the Basic over SSL authentication scheme and you are using one of the root certificates already in the AM.keystore file, then no additional configuration is required.
• If you are using a root certificate that is not in the AM.keystore, then the certificate has to be imported into the key store.

To set up the AM.keystore for Basic over SSL authentication:

1. Obtain a root certificate.
2. Check whether the CA is in the database by running the following Java keytool command:

   keytool -list -v -keystore "path_to_AM.keystore"

   If it is in the key store, configuration is complete. If it is not in the key store, import it as instructed in the next step.

   The output of the keytool -list command is similar to the following:

   Your keystore contains 12 entries:

   Alias name: verisignclass3ca

   Creation date: Aug 1, 2005

   Entry type: trustedCertEntry

   Owner: OU=Class 3 Public Primary Certification Authority, O="VeriSign, Inc.", C=US

   Issuer: OU=Class 3 Public Primary Certification Authority, O="VeriSign, Inc.", C=US

   Serial number: e49efdf33ae80ecfa5113e19a4240232

   Valid from: Mon Aug 1 19:00:00 EST 2005 until: Wed Aug 3 18:59:59 EST 2005

   Certificate fingerprints:

   MD5:78:2A:02:DF:DB:2E:14:D5:A7:5F:0A:DF:B6:8E:9C:5D

   SHA1:4F:65:56:63:36:DB:65:98:58:1D:58:4A:59:6C:87:93:4D:5F:2A:B4

3. To import a new CA certificate, start at a command prompt and enter the following:

   keytool -import -alias key_alias -file cert_file -trustcertst
   -keystore key_store

4. At the prompt, enter the key store password.
5. When asked if you trust the certificate, enter YES.

   The certificate is added to the AM.keystore.