Importing a certificate into the keystore
After generating a new certificate and getting it signed by a Certificate Authority (CA), you must import the certificate into the keystore. The certificate must be in
- Printable DER format (file extension .pem)
- Binary DER format (file extensions .cer, .crt, or .der)
- PKCS#12 format.
To import the certificate
- On the BMC Atrium SSO Admin Console, click Edit Server Configuration. The Server Configuration Editor is displayed.
- On the Certificates tab, select KeyStore from the Certificate Store list.
- Click Import. The Upload Certificate dialog box is displayed. You can upload the certificate by using one of the following options:
- PEM Encoded Certificate — Use this option to copy the certificate details.
- HTTPS URL — Enter the host and port from which to capture a certificate.
- DER/PEM/PKCS12 Encoded File — To import a key pair, upload the PEM-encoded PEM or DER files. To import a chain of certificates, upload the PKCS#12 file. When you select PKCS#12, an additional password field is provided, allowing you to enter the password for the keystore. This password is used for decrypting the private key of the signed certificate.
- Click Upload. After the file is uploaded, the Import Certificate Editor is displayed. This editor displays all the information about the imported certificate. If the certificate that you have imported is a chained certificate, the hierarchy of the certificate chain is displayed in the Import Certificate Editor.
- Enter the alias (tomcat) for each certificate or key pair that you are uploading to the KeyStore.
Click OK to close the Import Certificate Editor. You are prompted to confirm whether you want to copy the same certificate in the TrustStore. Based on your confirmation, the certificate is created, and it appears in the list of TrustStore certificates as well.
- Click Save to close the Server Configuration Editor.
- Stop and restart the BMC Atrium Single Sign-On server.
Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*