How to install and use a CA Certificate (.pfx) using Service Catalog 17.0?

Document ID:  TEC1422392
Last Modified Date:  12/01/2017

Products

  • CA Service Catalog

Releases

  • CA Service Catalog:Release:17.0

Components

  • CA SERVICE CATALOG:USVCT
Question:

How to install and use a CA Certificate (.pfx) using Service Catalog 17.0?

Environment:
Service Catalog 17.0
Answer:

1. "Create Keystore File"

keytool -genkey -alias alias_name -keyalg RSA -keystore "%USM_HOME%\.keystore" -keysize 1024

Ensure that the .keystore file is created at %USM_HOME%\.keystore.

2. Copy the .pfx file to %USM_HOME%.

3. Run %USM_HOME%\usm.cmd

4. Type:

keytool -importkeystore -deststorepass <pfx_password> -destkeystore "%USM_HOME%\.keystore" -srckeystore <pfx_file> -srcstoretype PKCS12 -srcstorepass <pfx_password>

5. Set password in %USM_HOME%\viewService.conf:

wrapper.java.additional.11=-Djavax.net.ssl.trustPass=<pfx_password>

6. Set the path to the keystore:

wrapper.java.additional.10=-Djavax.net.ssl.trustStore="C:/Program Files/CA/Service Catalog/.keystore"

7. Open the .pfx and install it on the machine. Export every certificate in the chain and import each one into the keystore:

keytool -import -alias <alias_name> -file <certfile> -keystore <path_and_file_specification_for_keystore>

Example: importing 3 certificates:

keytool -import -alias root -file "C:\Users\Administrator\Desktop\Certificados\test\root.cer" -keystore "C:\Program Files\CA\Service Catalog\.keystore"
keytool -import -alias intermediate -file "C:\Users\Administrator\Desktop\Certificados\test\intermmediate.cer" -keystore "C:\Program Files\CA\Service Catalog\.keystore"
keytool -import -alias last -file "C:\Users\Administrator\Desktop\Certificados\test\last.cer" -keystore "C:\Program Files\CA\Service Catalog\.keystore"

8. Run a list command to get the alias of the .pfx entry:

keytool -list -v -keystore "C:\Program Files\CA\Service Catalog\.keystore" > list.txt

The alias id should be similar to:

le-c337f214-5606-4b20-bcc1-2af15b2a4f53

9. Remove the self-signed certificate from the keystore:

keytool -delete -alias <alias_value_from_step1> -keystore "C:\Program Files\CA\Service Catalog\.keystore"

10. Go to %USM_HOME%\view\conf\server.xml and configure the following:


<Connector port="8443" enableLookups="false" tomcatAuthentication="false" maxHttpHeaderSize="20480"
maxThreads="400" minSpareThreads="25" maxSpareThreads="100" debug="0" connectionTimeout="15000"
disableUploadTimeout="true" compression="on" compressionMinSize="2048"
compressableMimeType="text/html,text/plain,text/xml,text/css,text/javascript,image/png,image/gif,image/jpeg,application/json"
scheme="https" secure="true" clientAuth="false" sslEnabledProtocols="TLSv1,TLSv1.1,TLSv1.2" SSLEnabled="true"
keystoreFile="C:/Program Files/CA/Service Catalog/.keystore" keyAlias="le-c337f214-5606-4b20-bcc1-2af15b2a4f53" keystorePass="password" URIEncoding="UTF-8"
ciphers="TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA"/>

11. Start Catalog services.
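
A check for steps 8 to 10, added here as an example and not part of the CA document: the Python code below parses the `list.txt` output from step 8, picks the CA-issued private-key alias to use as `keyAlias`, and lists the self-signed key entries to delete in step 9, leaving self-signed root certificates in place. It assumes English-locale `keytool -list -v` output; the function names `parse_entries` and `plan` and the sample certificate names are constructed for illustration.

```python
import re

# Constructed sample of `keytool -list -v` output (English locale), trimmed to
# the fields read below; DNs are made up. Alias values come from the steps above.
SAMPLE_LIST_TXT = """\
Alias name: alias_name
Entry type: PrivateKeyEntry
Certificate[1]:
Owner: CN=Unknown, OU=Unknown, O=Unknown
Issuer: CN=Unknown, OU=Unknown, O=Unknown

Alias name: le-c337f214-5606-4b20-bcc1-2af15b2a4f53
Entry type: PrivateKeyEntry
Certificate[1]:
Owner: CN=catalog.example.test
Issuer: CN=Example Intermediate CA
Certificate[2]:
Owner: CN=Example Intermediate CA
Issuer: CN=Example Root CA

Alias name: root
Entry type: trustedCertEntry
Owner: CN=Example Root CA
Issuer: CN=Example Root CA
"""

def parse_entries(text):
    """One dict per keystore entry: alias, entry type, leaf owner and issuer."""
    entries = []
    for block in re.split(r"(?m)^Alias name: ", text)[1:]:
        def field(name, block=block):
            # First match in the block is the leaf certificate (Certificate[1]).
            m = re.search(rf"(?m)^{name}: *(.+)$", block)
            return m.group(1).strip() if m else None
        entries.append({"alias": block.splitlines()[0].strip(),
                        "type": field("Entry type"),
                        "owner": field("Owner"), "issuer": field("Issuer")})
    return entries

def plan(entries):
    """Choose keyAlias for server.xml and the self-signed keys to delete."""
    keys = [e for e in entries if e["type"] == "PrivateKeyEntry"]
    self_signed = [e["alias"] for e in keys if e["owner"] == e["issuer"]]
    ca_issued = [e["alias"] for e in keys if e["owner"] != e["issuer"]]
    if len(ca_issued) != 1:  # ambiguous or missing: do not guess a keyAlias
        raise ValueError(f"expected one CA-issued key entry, got {ca_issued}")
    return {"keyAlias": ca_issued[0], "delete": self_signed}

if __name__ == "__main__":
    print(plan(parse_entries(SAMPLE_LIST_TXT)))
```

To run it against a real keystore listing, pass the contents of `list.txt` to `parse_entries` in place of the sample string.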
