Highlighted
Absent Member.
Absent Member.
1810 views

SSL with 3rd Party Certificate Authority

Jump to solution

Has anyone been able to use a 3rd party Certificate Authority when setting up SSL with Service Manager?  I can get the self-signed certificate setup to work, however my company does not want this type of security cert in their environment deeming it 'insecure'.  HP support was unable to give me instructions on using 3rd party CA and I haven't found any posts in this forum regarding it. I tried to follow the self-signed CA instructions & just leave out the part where you create the generic CA & import it into the truststore, but that did not work. I admit to not having much knowledge in this space, so any hints would be appreciated.

Tags (1)
0 Likes
1 Solution

Accepted Solutions
Highlighted
Absent Member.
Absent Member.

Re: SSL with 3rd Party Certificate Authority

Jump to solution

Of course as soon as I post this, I figure out the issue.  I needed to import the signed certificate with the same alias that i gave the keystore when initially generating the key pairs (and i also needed to import the root certificate first, then the signed cert).  Everything is working just fine now.  Posting this in case anyone runs into any issues w/ setting up certs with 3rd party CA

View solution in original post

7 Replies
Highlighted
Absent Member.
Absent Member.

Re: SSL with 3rd Party Certificate Authority

Jump to solution

Of course as soon as I post this, I figure out the issue.  I needed to import the signed certificate with the same alias that i gave the keystore when initially generating the key pairs (and i also needed to import the root certificate first, then the signed cert).  Everything is working just fine now.  Posting this in case anyone runs into any issues w/ setting up certs with 3rd party CA

View solution in original post

Highlighted
Absent Member.. Absent Member..
Absent Member..

Re: SSL with 3rd Party Certificate Authority

Jump to solution

Hello,

 

Do you have any detailed steps on how to import externally purchased certificate? Do you want is the name of the certificate that you have ordered. 

0 Likes
Highlighted
Respected Contributor.. Respected Contributor..
Respected Contributor..

Re: SSL with 3rd Party Certificate Authority

Jump to solution

 

inself sign certificate we have seen that client keystore hold the root as well as server certificate.

 

Does it also require to have in similar way for 3rd party certificate in similar way for client keystore

 

another question which certificate would present truststore file. i.e. root or server certificate.

 

0 Likes
Highlighted
Respected Contributor.. Respected Contributor..
Respected Contributor..

Re: SSL with 3rd Party Certificate Authority

Jump to solution

 

actually the in certificate  there is a parameter called enhance key usage . for mcirosoft certificate found it does not work in hp sm

0 Likes
Highlighted
Established Member..
Established Member..

Re: SSL with 3rd Party Certificate Authority

Jump to solution

Hi Experts,

 

I have done the SSO with self signed certificate, but my clients wants to use the Athorised CA cerificate for SSO.

 

any one can share the steps to import the Athorised Certificate for the same.

 

Regards,

Nagaraja B Sagar

 

0 Likes
Highlighted
Established Member..
Established Member..

Re: SSL with 3rd Party Certificate Authority

Jump to solution

Finally I found the solution for this request.

 

Below Steps for generating the Authorized certificate for Single Sign On:

 

  • Once you generated the all the self-signed certificate one “crs” folder will created.

 

  • Under the “crs” folder “clientcert_request.crs” and “servercert_request.crs” file will created.

 

  • We have to provide these two files (“clientcert_request.crs” and “servercert_request.crs”) into CA Team then they will provide app.cer and web.cer file to us.

 

Server

  • Rename app.cer to app.pem and run the following command:

 

  • keytool -import -trustcacerts -alias sm -keystore key/server.keystore -file certs/smcert.pem -storepass changeit

 

Client

 

  • Rename webserver.cer to webserver.pem and run the following command

 

  • keytool -import -trustcacerts -alias smclient -keystore WEBSERVER.keystore -file WebServer.pem -storepass changeit

 

  • The following steps were performed to create and update the trustedclients.keystore for each client added.

 

  • keytool -export -alias smclient -keystore WEBSERVER.keystore -file clientpubkey.cert -storepass changeit

 

  • keytool -import -alias SIDCITSMWEB01.in.ril.com -file clientpubkey.cert -keystore trustedclients.keystore -storepass changeit

 

 

  • Below step For When you generate the Authorized Certificate using different path for Java and folder of the certificate

 

 

 

  • keytool -import -trustcacerts -alias sm -keystore key/server.keystore -file certs/smcert.pem -storepass changeit

 

  • or

 

D:\Working Backup\Production\RIL_SSO>"c:\Program Files (x86)\Java\jdk1.7.0_25\bi

n\keytool.exe" -import -trustcacerts -alias sm -keystore "d:\Working Backup\Prod

uction\RIL_SSO\key\SIDCITSMWEB01.in.ril.com.keystore" -file "d:\Working Backup\P

roduction\RIL_SSO\certs\web.pem" -storepass changeit

 

 

D:\Working Backup\Production\RIL_SSO>"c:\Program Files (x86)\Java\jdk1.7.0_25\bi

n\keytool.exe" -import -trustcacerts -alias sm -keystore "d:\Working Backup\Prod

uction\RIL_SSO\key\SIDCITSMWEB02.in.ril.com.keystore" -file "d:\Working Backup\P

roduction\RIL_SSO\certs\web.pem" -storepass changeit

 

D:\Working Backup\Production\RIL_SSO>"c:\Program Files (x86)\Java\jdk1.7.0_25\bi

n\keytool.exe" -import -trustcacerts -alias sm -keystore "d:\Working Backup\Prod

uction\RIL_SSO\key\server.keystore" -file "d:\Working Backup\P

roduction\RIL_SSO\certs\server.pem" -storepass changeit

0 Likes
Highlighted
Respected Contributor.. Respected Contributor..
Respected Contributor..

Re: SSL with 3rd Party Certificate Authority

Jump to solution

Did anyone work with the Certificate authority of the client instead of the certificate authority of HP SM in SSO?

0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.