My webMethods Server 10.11 | My webMethods Server Webhelp | Administering My webMethods Server | Startup and Configuration | My webMethods Server and HTTPS | Using My webMethods Server as an HTTPS Client | Importing CA Certificates
 
Importing CA Certificates
*To import CA certificates into the trusted CA store file of the My webMethods Server JVM
1. Locate the CA certificate you need to add to the trusted CA store file and ensure it is available on the machine running My webMethods Server.
2. At a command line prompt, type the following command to move to the jvm\lib\security directory:
cd Software AG_directory\jvm\operating_system\jre\lib\security
3. Type the following command to import the CA certificate into the trusted CA store file:
..\..\..\bin\keytool -import -v -keystore
cacerts -file <cacert.der> -alias <aliasName>
where:
*-file <cacert.der> identifies the path and file name of the file that contains the CA certificate you want to import
*-alias <aliasName> assigns an alias to the certificate to identify the entry in the key store file. Select a value that is meaningful to you.
For example, to import the CA certificate named serverCAcert.der, which is stored in the same directory as the cacerts file, and identify the new entry in the key store file as SERVERCA, you would use the following command:
..\..\..\bin\keytool -import -v -keystore
cacerts -file serverCAcert.der -alias SERVERCA
4. After entering the keytool command, the command prompts you for the password for the cacerts file. Type the password. By default, the password is changeit.
5. After entering the password, the keytool command prompts to verify that you want to import the CA certificate. Type y for yes.
6. To ensure that the CA certificate was successfully imported into the trusted CA store file, enter the following command:
..\..\..\bin\keytool -list -keystore cacerts
The keytool command prompts for the password for the cacerts file. Type the password.
Example
Assume that you want the WmTaskClient Package to communicate with My webMethods Server on the same computer using SSL. In this example, we use the default My webMethods Server truststore.
1. If you have not already done so, configure My webMethods Server to use an HTTPS port. For example, set the HTTPS port to 8586. For more information on how to set an HTTPS port, see Communicating with webMethods Applications Using HTTPS.
2. In Integration Server, configure the WmTaskClient Package to communicate using the HTTPS port configured in the previous step (8586).
3. Create a temporary directory in which to store the CA certificate, such as C:\temp.
4. At a command line prompt, move to the directory of the JVM keytool command:
cd Software AG_directory\jvm\operating_system\jre\lib\security
5. Type the following command to extract the CA certificate from the default My webMethods Server truststore:
keytool -export -alias "softwareag demo" -file c:\temp\sagca.crt
-keystore Software AG_directory\MWS\server\default\config\
security\sagdemoca.jks
6. At the prompt, type the truststore password. For the default My webMethods Server truststore, the password is manage.
7. To import the CA certificate into the trusted CA store of the JVM, type the following command:
keytool -import -trustcacerts -file c:\temp\sagca.crt
-alias "softwareag demo" -keystore  Software AG_directory\jvm\
jvm160_32\jre\lib\security\cacerts
Note:
If you are running on a 64-bit operating system, change jvm160_32 to jvm160_64.
8. At the prompt, type the password for the trusted CA store file of the JVM. By default, the password is changeit.
9. To verify that you want to import the CA certificate, type y for yes.
10. Restart Integration Server so it will use the new CA certificate.