6.3.5 Importing a Certificate to ServerView SSO Authentication Server

This section explains how to import a certificate to the ServerView SSO authentication server.

Export the registered certificate information.

Use the following command to export the registered certificate information:

scsexppfx -n <certificate nickname> -f <export file name>

The parameters to specify in the command are shown below.

Setting item	Setting value
Certificate nickname	Select the nickname that was specified when the site certificate was registered in the Interstage certificate environment as described in "6.3.3 Getting and Registering a Certificate". Registered site certificates can be viewed at the Interstage Management Console at System >> Security >> Certificates >> Site Certificates window.
Export file name	Specify the temporary file name used for import in Step 2.

Setting item

Setting value

Certificate nickname

Select the nickname that was specified when the site certificate was registered in the Interstage certificate environment as described in "6.3.3 Getting and Registering a Certificate".

Registered site certificates can be viewed at the Interstage Management Console at System >> Security >> Certificates >> Site Certificates window.

Export file name

Specify the temporary file name used for import in Step 2.

Import the certificate information to the authentication server.

Use the commands shown below to import the certificate information to the authentication server.

[Windows]

<JDK6 installation directory>\bin\keytool.exe -importkeystore -srckeystore <export file name> -destkeystore "<ServerView Suite installation folder>\jboss\server\serverview\conf\pki\cacerts" -srcstoretype PKCS12

[Linux]

<JDK6 installation directory>/bin/keytool -importkeystore -srckeystore <export file name> -destkeystore /opt/fujitsu/ServerViewSuite/jboss/server/serverview/conf/pki/cacerts -srcstoretype PKCS12

Delete the export file.
Delete the export file specified in Step 2.

Example

[Windows]

Use screen input for the following commands:

- Certificate nickname: testCert
- Export file name: c:\work\isas.p12

C:\>scsexppfx -n testCert -f c:\work\isas.p12
Password:<Interstage certificate environment password>
PKCS#12 Password:<Password of the certificate being exported> <- Used by the command parameters shown below.
Retype:<Password of the certificate being exported>

C:\>cd C:\Program Files (x86)\Java\jre6\bin
C:\Program Files (x86)\Java\jre6\bin>keytool.exe -importkeystore -srckeystore c:\work\isas.p12 -destkeystore "C:\Program Files (x86)\Fujitsu\ServerView Suite\jboss\server\serverview\conf\pki\cacerts" -srcstoretype PKCS12

Enter destination keystore password:<jboss certificate creation environment password: The default is changeit.>
Enter source keystore password:<Password at time of export> <- Specify the password that was specified for the above command.

del c:\work\isas.p12

[Linux]

Use screen input for the following commands:

- Certificate nickname:testCert
- Export file name: /tmp/isas.p12

# scsexppfx -n testCert -f /tmp/isas.p12
Password:<Interstage certificate environment password>
PKCS#12 Password:<Password of the certificate being exported><- Used by the command parameters shown below.
Retype:<Password of the certificate being exported>
# cd /usr/java/jre1.6.0_02/bin
# ./keytool -importkeystore -srckeystore /tmp/isas.p12 -destkeystore /opt/fujitsu/ServerViewSuite/jboss/server/serverview/conf/pki/cacerts -srcstoretype PKCS12

Enter destination keystore password:<jboss certificate creation environment password: The default is changeit.>
Enter source keystore password:<Password at time of export> <- Specify the password that was specified for the above command.

# rm /tmp/isas.p12
#