How to install SSL Certificates into an Access Governance Suite appliance

  • 7004045
  • 31-Jul-2009
  • 26-Apr-2012

Environment

Novell Access Governance Suite 3.6.1
Novell Access Governance Suite 3.6.2

Situation

How to manually install SSL Certificates into an Access Governance Suite appliance.

Resolution

This process can be used to manually install certificates. This process is used when the root and sub-certificates have the same name. It requires command line/root access to the machines.

A minimum of two certificates is required: a root certificate and a server certificate. Occasionally an "intermediate root" certificate is also required.

Creating the Appliance Server Request File

  1. Generate a certificate request from the AGS UI (see the help documentation on the process)
  2. Provide the file to the customer certificate authority for generation of an SSL server certificate.

This creates the "server certificate" to authenticate the Aveksa server in the network. In most installations a root and possibly an intermediate certificate are required.

Installing the Root Certificates

  1. Obtain the site root certificate(s)
  2. Log into the AGS machine on the appliance (on a cluster, log in to the active node) as the root user
  3. Upload the root certificates to:

/usr/bin/jdk1.5.0_06/jre/lib/security

  4. cd to /usr/bin/jdk1.5.0_06/jre/lib/security
  5. Run this command to install the root and optionally the intermediate certificate (you must install the root before the intermediate cert):

keytool -import -file "<certificate Name>" -keystore cacerts -storepass <Aveksa keystore password> -alias AliasRootCert

Contact Novell Technical Support for the Keystore Password.

  6. Check for proper installation of the certificates with this command:

keytool -list -keystore cacerts -storepass <same pass> | grep <Alias..>

  7. If on a cluster, install the certs on the secondary node using steps 3-6 as noted above.
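
The check in step 6 can be made stricter, as in this added example (not part of the original Novell document; the function names alias_fingerprint and check_ca and the sample listing are constructed for illustration). JKS keystore aliases are case-insensitive and keytool lists them in lower case, so a plain grep for AliasRootCert can miss the entry; the script matches the alias without regard to case, confirms it is a trusted certificate entry, and compares its fingerprint with the value obtained from the certificate authority out of band.

```shell
#!/bin/sh
# Added example: confirm an imported CA alias in `keytool -list` output.

# Constructed listing in keytool's layout; dates and fingerprints are made up.
SAMPLE_LISTING='Keystore type: jks
Keystore provider: SUN

Your keystore contains 2 entries

aliasrootcert, Jul 31, 2009, trustedCertEntry,
Certificate fingerprint (MD5): 11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF:00
aliasserverkey, Jul 31, 2009, keyEntry,
Certificate fingerprint (MD5): 0F:1E:2D:3C:4B:5A:69:78:87:96:A5:B4:C3:D2:E1:F0'

# alias_fingerprint ALIAS   (listing on stdin)
# Prints the fingerprint of ALIAS when it is a trustedCertEntry.
# Exit status: 0 found, 1 alias absent, 2 present but not a trusted CA entry.
alias_fingerprint() {
    awk -v want="$1" '
        BEGIN { want = tolower(want); rc = 1 }
        # Entry line: "<alias>, <date containing a comma>, <kind>Entry,"
        /, [A-Za-z]+Entry,? *$/ {
            n = split($0, f, ", ")
            hit = (tolower(f[1]) == want)
            if (hit) {
                kind = f[n]; sub(/,? *$/, "", kind)
                rc = (kind == "trustedCertEntry") ? 0 : 2
            }
            next
        }
        # The fingerprint line follows its entry line.
        hit && /^Certificate fingerprint/ {
            if (rc == 0) { sub(/^[^:]*: */, ""); print }
            hit = 0
        }
        END { exit rc }
    '
}

# check_ca ALIAS EXPECTED_FINGERPRINT   (listing on stdin)
# Exit 3 when the stored fingerprint differs from the value the CA supplied
# out of band; hex case is ignored.
check_ca() {
    got=$(alias_fingerprint "$1") || return $?
    [ "$(printf %s "$got" | tr a-f A-F)" = "$(printf %s "$2" | tr a-f A-F)" ] || return 3
}

# Demo on the constructed listing (mixed-case alias, as typed at import time).
printf '%s\n' "$SAMPLE_LISTING" | alias_fingerprint AliasRootCert
```

On the appliance, pipe the output of keytool -list -keystore cacerts into check_ca instead of the sample listing. Leaving out -storepass makes keytool prompt for the password, which keeps it out of shell history and the process list.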

Installing the Appliance Server Certificate

  1. Obtain the server cert from the customer (this is generated from the request file in the first section)
  2. Log into the AGS system UI as a system admin
  3. From the AGS UI (Admin->SSL), import the server SSL certificate returned to you from the authority in step #2 (see the on-line help for this process)
  4. For a cluster, you must make the secondary node the master and repeat steps 2 and 3 on the secondary node.
  5. If on a cluster, swap back to the original primary node (optional)
  6. Restart the ACM server. This will make the system read and install the new certificates
  7. Check for the certificates in the UI (Admin->SSL)
  8. Test with a browser to ensure you are not challenged.