How can I import a public key certificate to allow SilkCentral Test Manager to communicate with SSL connection?



How can I import a public key certificate to allow SilkCentral Test Manager to communicate with SSL connection?


To prepare a web-server for accepting https (SSL) connections, the administrator must create a public key certificate for the web-server. Certificate validation is a very important part of Secure Sockets Layer (SSL) security. In order for the host machine to be able to communicate with the test certificate, this certificate needs to be imported into the application"s "Trusted Certificate Authority".

It is standard procedure that the site administrator creates certificates for each user, which are loaded into their browser. These normally contain the name and e-mail address of the authorized user, and are automatically checked by the server on each reconnect - to verify the user"s identity, potentially without ever entering a password.

If the certificate has not been imported, you may received the following error in SilkCentral Test Manager:

Certificate Error

In order to resolve the above error the user will need to import the required certificate.

On the FrontEnd server machine:

  • Open the browser, let"s say IE, and go to the application"s home URL (e.g. https://hostname/silk)
  • You might see a dialog box warning you about the certificate.
    • Click on "View Certificate" - The certificate detail screen appears.
    • Click on "Install certificate" and complete the subsequent certificate import wizard (store it in "Trusted Root Certification Authorities").
    • The dialog should confirm with a message like "The import was successful".
  • You should now see the certificate by selecting Tools | Internet Options | Content tab | "Certificates" Button. Go to tab "Trusted Root Certification Authorities", select the certificate you have installed before and click "Export".
  • Select "DER encoded binary X.509" and click "next"
  • Choose a location for the storage of the certificate file (e.g. c:\hostname.cer) and complete the Export wizard.
  • Then use the "keytool -import" command to import the file into your JRE"s Certification Authorities keystore: "%SCTMpath%\lib\jre\bin\keytool" -import -alias tomcat -keystore "%SCTMpath%\lib\jre\lib\security\cacerts" -file c:\hostname.cer
  • Type in the keystore password (inital one is "changeit")
  • Confirm the following prompt "Trust this certificate?" with "yes"
  • A message like "Certificate was added to keystore" should now show up.
  • This should now confirm that your private certificate has been added to the application"s keystore as a Trusted Certificate Authority.

You can also import the exported certificate by:

  • Going to %SCTM%\lib\jre\bin and execute javacpl.exe
  • Select tab security and click certificates
  • Click import and select the generated certificate

*Note: you will have to perform the above steps on any client machine that will be accessing SCTM on a remote machine that requires SSL connection.

Old KB# 25156
Comment List