Service Manager / Service Center Practitioners Forum

SSL with 3rd Party Certificate Authority

SOLVED
Trusted Contributor


Has anyone been able to use a 3rd party Certificate Authority when setting up SSL with Service Manager?  I can get the self-signed certificate setup to work, however my company does not want this type of security cert in their environment deeming it 'insecure'.  HP support was unable to give me instructions on using 3rd party CA and I haven't found any posts in this forum regarding it. I tried to follow the self-signed CA instructions & just leave out the part where you create the generic CA & import it into the truststore, but that did not work. I admit to not having much knowledge in this space, so any hints would be appreciated.

6 REPLIES
Trusted Contributor

Re: SSL with 3rd Party Certificate Authority

Of course as soon as I post this, I figure out the issue. I needed to import the signed certificate with the same alias that I gave the keystore when initially generating the key pairs (and I also needed to import the root certificate first, then the signed cert). Everything is working just fine now. Posting this in case anyone runs into any issues w/ setting up certs with 3rd party CA.
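The import order and alias matching described in this reply, as an added example that is not part of the original post or of HP's documentation. It uses a throwaway root CA made with keytool -gencert as a stand-in for the 3rd party CA; the names rootca, smsigned, smserver.example.test and the work directories are constructed, and it assumes a JDK's keytool is on PATH.

```sh
#!/bin/sh
# Constructed demo with throwaway keystores; needs a JDK's keytool on PATH.
PASS=changeit
kt() { keytool -J-Duser.language=en "$@"; }

# Stand-in for the 3rd party CA: makes a root and signs $1/server.csr.
make_ca_and_sign() {
  kt -genkeypair -alias rootca -keyalg RSA -keysize 2048 -validity 30 \
     -dname "CN=Constructed Test Root CA" -ext bc:c \
     -keystore "$1/ca.jks" -storepass $PASS -keypass $PASS
  kt -exportcert -rfc -alias rootca -keystore "$1/ca.jks" -storepass $PASS \
     -file "$1/root.pem"
  kt -gencert -rfc -alias rootca -keystore "$1/ca.jks" -storepass $PASS \
     -infile "$1/server.csr" -outfile "$1/server.pem" -validity 30
}

# $1 = work dir, $2 = alias used when importing the CA's signed reply.
build_keystore() {
  ks="$1/server.keystore"
  kt -genkeypair -alias sm -keyalg RSA -keysize 2048 -validity 30 \
     -dname "CN=smserver.example.test" \
     -keystore "$ks" -storepass $PASS -keypass $PASS
  kt -certreq -alias sm -keystore "$ks" -storepass $PASS -file "$1/server.csr"
  make_ca_and_sign "$1"
  # Root first, so keytool can chain the reply to a trusted entry.
  kt -importcert -noprompt -trustcacerts -alias rootca -file "$1/root.pem" \
     -keystore "$ks" -storepass $PASS
  kt -importcert -noprompt -alias "$2" -file "$1/server.pem" \
     -keystore "$ks" -storepass $PASS
}

# Prints "<entry type>/<chain length>" for alias sm.
sm_entry() {
  kt -list -v -alias sm -keystore "$1/server.keystore" -storepass $PASS |
    awk -F': ' '/^Entry type/ {t=$2} /^Certificate chain length/ {n=$2}
                END {print t "/" n}'
}

# Compare importing the reply under the key pair's alias and under another one.
if command -v keytool >/dev/null 2>&1; then
  for a in sm smsigned; do
    d=$(mktemp -d); build_keystore "$d" "$a" 2>/dev/null
    echo "reply imported as '$a': alias sm is $(sm_entry "$d")"; rm -rf "$d"
  done
fi
```

A chain length of 1 on alias sm means the server would still present its self-signed certificate, even though the import under the other alias reported success.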

Advisor

Re: SSL with 3rd Party Certificate Authority

Hello,

Do you have any detailed steps on how to import an externally purchased certificate? Do you want is the name of the certificate that you have ordered.

Re: SSL with 3rd Party Certificate Authority

 

In the self-signed certificate setup we have seen that the client keystore holds the root as well as the server certificate.

Does a 3rd party certificate also require the same in the client keystore?

Another question: which certificate would be present in the truststore file, i.e. the root or the server certificate?

 

Re: SSL with 3rd Party Certificate Authority

 

Actually, in the certificate there is a parameter called Enhanced Key Usage. For a Microsoft certificate I found it does not work in HP SM.

Frequent Advisor

Re: SSL with 3rd Party Certificate Authority

Hi Experts,

I have done the SSO with a self-signed certificate, but my client wants to use an authorised CA certificate for SSO.

Can anyone share the steps to import the authorised certificate for the same?

Regards,

Nagaraja B Sagar

 

Frequent Advisor

Re: SSL with 3rd Party Certificate Authority

Finally I found the solution for this request.

Below are the steps for generating the authorized certificate for Single Sign On:

  • Once you have generated all the self-signed certificates, a “crs” folder will be created.

  • Under the “crs” folder, the “clientcert_request.crs” and “servercert_request.crs” files will be created.

  • We have to provide these two files (“clientcert_request.crs” and “servercert_request.crs”) to the CA team; they will then provide the app.cer and web.cer files to us.

Server

  • Rename app.cer to app.pem and run the following command:

  • keytool -import -trustcacerts -alias sm -keystore key/server.keystore -file certs/smcert.pem -storepass changeit

Client

  • Rename webserver.cer to webserver.pem and run the following command:

  • keytool -import -trustcacerts -alias smclient -keystore WEBSERVER.keystore -file WebServer.pem -storepass changeit

  • The following steps were performed to create and update the trustedclients.keystore for each client added:

  • keytool -export -alias smclient -keystore WEBSERVER.keystore -file clientpubkey.cert -storepass changeit

  • keytool -import -alias SIDCITSMWEB01.in.ril.com -file clientpubkey.cert -keystore trustedclients.keystore -storepass changeit

  • The step below is for when you generate the authorized certificate using a different path for Java and for the certificate folder:

  • keytool -import -trustcacerts -alias sm -keystore key/server.keystore -file certs/smcert.pem -storepass changeit

  • or

D:\Working Backup\Production\RIL_SSO>"c:\Program Files (x86)\Java\jdk1.7.0_25\bin\keytool.exe" -import -trustcacerts -alias sm -keystore "d:\Working Backup\Production\RIL_SSO\key\SIDCITSMWEB01.in.ril.com.keystore" -file "d:\Working Backup\Production\RIL_SSO\certs\web.pem" -storepass changeit

D:\Working Backup\Production\RIL_SSO>"c:\Program Files (x86)\Java\jdk1.7.0_25\bin\keytool.exe" -import -trustcacerts -alias sm -keystore "d:\Working Backup\Production\RIL_SSO\key\SIDCITSMWEB02.in.ril.com.keystore" -file "d:\Working Backup\Production\RIL_SSO\certs\web.pem" -storepass changeit

D:\Working Backup\Production\RIL_SSO>"c:\Program Files (x86)\Java\jdk1.7.0_25\bin\keytool.exe" -import -trustcacerts -alias sm -keystore "d:\Working Backup\Production\RIL_SSO\key\server.keystore" -file "d:\Working Backup\Production\RIL_SSO\certs\server.pem" -storepass changeit