DX NetOps

Hi All,

My Cert group is having difficulties in getting our certificates installed on our Oneclick servers. Clearly  they have no experience with installing on a tomcat web server on windows.  We are installing our own company generated certificates and we were hoping there is a TEC bulletin or a step by step someone could provide to assist them in this windows tomcat install.  Went to the doc-ops for 10.2 spectrum documentation and its very brief and not very informative leaving a lot to the imagination.

TIA

Hi Patrick,  

The steps outlined here are what I generally use when walking customers through cert importing:

Configure OneClick for Secure Sockets Layer - CA Spectrum - 10.2 to 10.2.3 - CA Technologies Documentation 

There are a couple of items to take note on:

Be sure to use the keytool we ship with Spectrum

You may need to specify a keysize of 2048 when you create the key..so your command would be:

./keytool -genkey -alias tomcatssl -keyalg RSA -keysize 2048 -keystore c:/win32app/Spectrum/custom/keystore/cacerts

Be sure that you generate a unique key on each OC and from that key generate the CSR.  

If you have multiple OC, you will need to run the genkey/csr creation on each of them.

Make a copy of your $SPECROOT/custom/keystore/cacerts file.  If you mess up, you can start from this copy instead of having to start all over with new keys and csr.

The key that you receive back needs to be imported on the OC box that you submitted the csr for.  You cannot use it on another OC machine.

If you don't get a cert that includes root and any intermediate, make sure you import those before importing the final cert.

Cheers

Jay