Importing the certificate into the keystore

If the required certificate is not in the truststore, then use the keytool command to import the certificate into the keystore. Before executing the command, be sure to initialize the environment.

To import the certificate into the keystore

1. From the command prompt, change your working directory to <installationDirectory>\AtriumSSO\tomcat\conf.
2. Add the bin directory to the PATH environment variable.
    (UNIX) PATH=<installationDirectory>/AtriumSSO/jdk/bin:$PATH; export PATH
    (Microsoft Windows) SET PATH=<installationDirectory>\AtriumSSO\jdk\bin;%PATH%
3. After the PATH variable is set, execute the following keytool command:
   keytool -importcert -v -alias Alias1 -file AtriumSSO.pem -storepass changeit -providername JsafeJCE -keystore cacerts.p12 -storetype PKCS12
    In this keytool command example, the certificate being imported is in the AtriumSSO.pem file. If you are importing multiple certificates, alter the specified alias to create a unique name (for example, change Alias1 to Alias2). If you do not create a unique alias name, the operation replaces the previously imported certificate with the newly specified one.
4. Restart your applications as appropriate.

When making changes to a browser's client certificates and the truststore certificates, the applications might require a restart before the certificate changes take place.

• When importing a new certificate into the truststore of the Atrium Single Sign-On server, this new certificate is not used until the Atrium Single Sign-On server has been restarted.
• With Firefox, the certificates are typically available, however, a restart might be required.
• On Windows, a restart might be required as well as firetray process termination.