Configuring Infrastructure Management Server for 256-bit SSL encryption
- Stop the Infrastructure Management Server.
- Create the certificate with the .der or .cer format. For example, iascert.cer is generated using certsrv from Windows.
- If you cannot access the LDAP or Active Directory server, use JXplorer (an open source LDAP browser) to export the server certificate to a file by following these steps:
- Using JXplorer, connect to the LDAP server.
- From the menu bar, select Security > Trusted Servers and CAs.
- Select the appropriate certificate, and click View Certificate.
- In the General tab, click Copy to File.
- Select the file location and type the file name for the certificate.
- Copy the certificate file to the installationDirectory\TrueSight\pw\jre\lib\security directory.
- Ensure that your Windows path contains the installationDirectory\TrueSight\pw\jre\bin path.
- Enter the following command specifying the complete certificate and keystore path:
keytool -importcert -v -trustcacerts -alias LDAP123 -file server.der -keystore pnserver.ks - When prompted, enter the keystore password.
The default keystore password is get2net. - Back up the following files in the installationDirectory\TrueSight\pw\jre\lib\security directory:
- local_policy.jar
- US_export_policy.jar
From the Sun website (http://www.oracle.com/technetwork/java/javase/downloads/index.html), download the Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files zip files (UnlimitedJCEPolicyJDK7.zip), which contains the following files:
- local_policy.jar
- US_export_policy.jar
Copy these files into the installationDirectory\TrueSight\pw\jre\lib\security directory.
These files are required for unlimited encryption strength over a network.- Restart the Infrastructure Management Server.