Out of support

 

This documentation supports the 8.1 version of BMC Atrium Single Sign-On, which is in "End of Version Support." However, the documentation is available for your convenience. You will not be able to leave comments.

Click here to view the documentation for a supported version of Remedy Single Sign-On.

Importing certificate chains and intermediate certificates

You might receive an error telling you that the certificate chain is missing when you try to import the certificate that you received from your CA. If you see this error, you must get the complete certificate chain and all of the intermediate certificates from your CA.

Importing a certificate chain

 If you receive a certificate chain in a single file, it must have a file name with extension cert_name.p7b (PKCS#7) format. Import the certificate chain by using the following command: 

keytool -importcert -keystore $CATALINA_HOME/conf/keystore.p12 -trustcacerts -alias tomcat -keypass <truststore_password> -storepass <truststore_password> -file <certificatefilename> -storetype PKCS12 -providername JsafeJCE -keyalg RSA
  • <truststore_password> — The password used to authenticate the truststore certificate. The default keystore password is internal4bmc.

  • <certificatefilename> — The name of the certificate chain file; for example, cert_name.p7b

Importing intermediate certificates

If the complete chain is unavailable as a single file, you must import all of the intermediate certificates.

To import the intermediate certificates

  1. Get all of the intermediate CA certificates leading to the root.
    For more information, see 
    Getting intermediate CA certificates.
  2. Import the intermediate certificates and the root certificate into keystore.p12 by using the following command.Start with the root certificate and then import all of the intermediate certificates.
keytool -v -importcert -trustcacerts -alias <UNIQUE_ALIAS> -keyalg RSA -keystore keystore.p12 -storepass <truststore_password> -storetype pkcs12 -providername JsafeJCE -file <intermediatecertfile>
  • <truststore_password> — The password used to authenticate the truststore certificate. The default keystore password is internal4bmc.

  • <intermediatecertfile> — The name of the intermediate certificate file; for example, cert_name.cer

 You must provide a unique alias for each certificate.

Was this page helpful? Yes No Submitting... Thank you

Comments

  1. Andy Meboldt

    To import the certificate chain you have to use the parameter "-import" and not "-importcert". The above mentioned command is wrong.

    Use this one:

    keytool -import -keystore $CATALINA_HOME/conf/keystore.p12 -trustcacerts -alias tomcat -keypass <truststore_password> -storepass <truststore_password> -file <certificatefilename> -storetype PKCS12 -providername JsafeJCE -keyalg RSA

    Nov 20, 2017 09:01
    1. Kamalakannan Srinivasan

      Hi Andy,

      Thank you for your comment. You may want to refer the below topic for updated details.

      Importing a certificate chain or intermediate certificates

      Thanks and regards,

      Kamal

      Nov 21, 2017 02:46