Please review the following link to the product documentation as I believe it will provide you with the info you need.
CA Identity Suite Documentation
Add a Certificate for a Connector
CA IAM Connector Server has its own keystore. You can add trusted certificates (either standalone certificates or keystores) to this keystore, using the Certificates tab.
When you work with CA IAM Connector Server certificates, your changes apply only to the connector server that you are logged in to. The certificates for any peer connector servers remain unchanged.
Follow these steps:
- Log in to CA IAM Connector Server.
- Click the Certificates tab.
This tab lists all of the certificates in the CA IAM Connector Server keystore. To filter the list of certificates by their names, type in the Certificate Filter box.
- Click Add, then enter the details of the certificate:
- Select Certificate if the target is a standalone certificate file, or Key Store, if it is saved in a keystore.
- Browse to the certificate, select it, and click Add.
- Enter the alias. If you selected Key Store, this alias identifies the certificate in the keystore.
- If you selected Key Store, enter the keystore password.
The certificate or keystore is added to the CA IAM Connector Server keystore, and the certificate is available for use by connectors.
Note the following information:
- To download a certificate, select it then click Download. You can download a certificate for either a private key or trusted certificate. You can then import this file another component, such as another instance of CA IAM Connector Server.
- To delete a certificate from the CA IAM Connector Server keystore, select it then click Remove. You can remove any trusted certificate from the CA IAM Connector Server keystore. However, you cannot remote private key entries, because these keys are required by CA IAM Connector Server.
- You cannot use the Certificates tab to manage private keys. Instead, update the Java keystore file and restart CA IAM Connector Server.