Re: SSL with 3rd Party Certificate Authority (414 Views)
Reply
Trusted Contributor
Posts: 64
Registered: ‎07-06-2011
Message 1 of 7 (593 Views)
Accepted Solution

SSL with 3rd Party Certificate Authority

Has anyone been able to use a 3rd party Certificate Authority when setting up SSL with Service Manager?  I can get the self-signed certificate setup to work, however my company does not want this type of security cert in their environment deeming it 'insecure'.  HP support was unable to give me instructions on using 3rd party CA and I haven't found any posts in this forum regarding it. I tried to follow the self-signed CA instructions & just leave out the part where you create the generic CA & import it into the truststore, but that did not work. I admit to not having much knowledge in this space, so any hints would be appreciated.

Trusted Contributor
Posts: 64
Registered: ‎07-06-2011
Message 2 of 7 (578 Views)

Re: SSL with 3rd Party Certificate Authority

Of course as soon as I post this, I figure out the issue.  I needed to import the signed certificate with the same alias that i gave the keystore when initially generating the key pairs (and i also needed to import the root certificate first, then the signed cert).  Everything is working just fine now.  Posting this in case anyone runs into any issues w/ setting up certs with 3rd party CA

Highlighted
Advisor
Posts: 24
Registered: ‎04-10-2013
Message 3 of 7 (414 Views)

Re: SSL with 3rd Party Certificate Authority

Hello,

 

Do you have any detailed steps on how to import externally purchased certificate? Do you want is the name of the certificate that you have ordered. 

Advisor
Posts: 32
Registered: ‎03-17-2011
Message 4 of 7 (201 Views)

Re: SSL with 3rd Party Certificate Authority

 

inself sign certificate we have seen that client keystore hold the root as well as server certificate.

 

Does it also require to have in similar way for 3rd party certificate in similar way for client keystore

 

another question which certificate would present truststore file. i.e. root or server certificate.

 

Advisor
Posts: 32
Registered: ‎03-17-2011
Message 5 of 7 (172 Views)

Re: SSL with 3rd Party Certificate Authority

 

actually the in certificate  there is a parameter called enhance key usage . for mcirosoft certificate found it does not work in hp sm

Frequent Advisor
Posts: 53
Registered: ‎12-27-2011
Message 6 of 7 (140 Views)

Re: SSL with 3rd Party Certificate Authority

Hi Experts,

 

I have done the SSO with self signed certificate, but my clients wants to use the Athorised CA cerificate for SSO.

 

any one can share the steps to import the Athorised Certificate for the same.

 

Regards,

Nagaraja B Sagar

 

Frequent Advisor
Posts: 53
Registered: ‎12-27-2011
Message 7 of 7 (78 Views)

Re: SSL with 3rd Party Certificate Authority

Finally I found the solution for this request.

 

Below Steps for generating the Authorized certificate for Single Sign On:

 

  • Once you generated the all the self-signed certificate one “crs” folder will created.

 

  • Under the “crs” folder “clientcert_request.crs” and “servercert_request.crs” file will created.

 

  • We have to provide these two files (“clientcert_request.crs” and “servercert_request.crs”) into CA Team then they will provide app.cer and web.cer file to us.

 

Server

  • Rename app.cer to app.pem and run the following command:

 

  • keytool -import -trustcacerts -alias sm -keystore key/server.keystore -file certs/smcert.pem -storepass changeit

 

Client

 

  • Rename webserver.cer to webserver.pem and run the following command

 

  • keytool -import -trustcacerts -alias smclient -keystore WEBSERVER.keystore -file WebServer.pem -storepass changeit

 

  • The following steps were performed to create and update the trustedclients.keystore for each client added.

 

  • keytool -export -alias smclient -keystore WEBSERVER.keystore -file clientpubkey.cert -storepass changeit

 

  • keytool -import -alias SIDCITSMWEB01.in.ril.com -file clientpubkey.cert -keystore trustedclients.keystore -storepass changeit

 

 

  • Below step For When you generate the Authorized Certificate using different path for Java and folder of the certificate

 

 

 

  • keytool -import -trustcacerts -alias sm -keystore key/server.keystore -file certs/smcert.pem -storepass changeit

 

  • or

 

D:\Working Backup\Production\RIL_SSO>"c:\Program Files (x86)\Java\jdk1.7.0_25\bi

n\keytool.exe" -import -trustcacerts -alias sm -keystore "d:\Working Backup\Prod

uction\RIL_SSO\key\SIDCITSMWEB01.in.ril.com.keystore" -file "d:\Working Backup\P

roduction\RIL_SSO\certs\web.pem" -storepass changeit

 

 

D:\Working Backup\Production\RIL_SSO>"c:\Program Files (x86)\Java\jdk1.7.0_25\bi

n\keytool.exe" -import -trustcacerts -alias sm -keystore "d:\Working Backup\Prod

uction\RIL_SSO\key\SIDCITSMWEB02.in.ril.com.keystore" -file "d:\Working Backup\P

roduction\RIL_SSO\certs\web.pem" -storepass changeit

 

D:\Working Backup\Production\RIL_SSO>"c:\Program Files (x86)\Java\jdk1.7.0_25\bi

n\keytool.exe" -import -trustcacerts -alias sm -keystore "d:\Working Backup\Prod

uction\RIL_SSO\key\server.keystore" -file "d:\Working Backup\P

roduction\RIL_SSO\certs\server.pem" -storepass changeit

The opinions expressed above are the personal opinions of the authors, not of HP. By using this site, you accept the Terms of Use and Rules of Participation.