Well, no, not really. I ended up calling CA Support and they sent me the appropriate documentation regarding SSL certs for PPM. Here's the correct answer, from Syed.
Good Afternoon Allison
Please use these steps
(the information is available in the CA-PPM installation guide for release 14.2
----------------------------------------------------------------------------------------------------------
Create Certificate Signing Requests (CSRs) For production systems, replace the test certificate with a real, certified certificate. To obtain a certified certificate, create a certificate signing request (CSR) and send it to a certificate authority. The certificate authority generates a real certificate that authenticates your public key.
Use the Java command keytool to create the CSR. The required Java parameters are defined in the following procedure.
See the Oracle web site for complete information about parameters for this Java command.
Follow these steps:
- On the CA Clarity PPM application server, open a command prompt, and issue the following command:
keytool -certreq -keystore /<clarity home>/config/.keystore -keyalg RSA -file caclarityppm.csr
2. Define the following values:
-certreq
Generates a certificate signing request (CSR).
keystore
Specifies the path and filename of the keystore file. By default the keystore is named
.keystore and is located in the <clarity home>/config/ directory.
keyalg
Specifies the algorithm (RSA) to use when generating the key pair.
file
Specifies the name (caclarityppm.csr) of the generated certificate request file.
3. Using your web browser, go to your certificate authority website, and provide the contents of the CSR file you generated.
Use the process that your certificate authority specifies. Your CSR is provided to you by your certificate authority.
4. Copy the contents of the new certificate into a file on the CA Clarity PPM application server (for example, caclarityppm.cer).
Note: Your private key remains unaffected.
Install Certificate Signing Requests
Import the reply from the certificate authority and replace your self-signed certificate with a chain of certificates. At the bottom of the chain is the certificate that the certificate authority issues to authenticate your public key. The next certificate in the chain is one that authenticates the certificate authority public key.
To create a keystore file containing your private key which is paired with the signed certificate from your certificate authority, use the following procedure.
Follow these steps:
- Open the CA Clarity PPM application server, open a command prompt, and issue the following command:
keytool -import -keystore /<clarity home>/config/.keystore -keyalg RSA -file CA Clarity PPM.cer -trustcacerts
Note: You can be required to import your certificate authority’s root intermediate certificate into your keystore file before you import your certificate.
See your certificate authority documentation for more information.
2. Enter the keystore password and press Enter.
3. Enter yes.
--------------------------------------------------------------------------------------------------------
For additional information please refer to Pages 198 - 200 thanks Syed.
There is one more step - you need to run "service stop start app" to get the new certificate to be used.