Cisco Prime Service Catalog 10.0 Technical References

Cisco Prime Service Catalog 10.0 Configuration Guide
OL-31034-01
Chapter 5      System Administration 
Configuring SSL for Service Link Outbound Documents
  • Get the signer certificate of the external web server in a file. To do this, you can contact the system 
administrator who manages the external web server, and ask him/her to export the signer certificate 
(the public key) of the digital certificate used to secure that web server. The signer certificate must 
be exported in the “Base64-encoded ASCII” format. The following is an example of what a 
Base64-encoded signer certificate looks like:
Note
If the signer of the external web server certificate is a well-known Certificate Authority like VeriSign or 
Thawte, then most likely, you can skip this step since Sun JDK already recognizes many well-known CA 
signers. On WebSphere, you still need to complete this step because the WebSphere truststore does not 
contain third-party Certificate Authority signers.
JBoss 7.1.1
Perform the following steps as the “administrator” user of the Service Link machine:
Step 1
Copy the signer certificate file (of the external system) to a temporary directory on the Service Link 
machine. For example, if the signer certificate file is called “extws.cer”, then copy this file to 
“C:\temp\extws.cer” on the Service Link machine.
Step 2
On the Service Link machine, locate the file “cacerts” in the directory 
“<JAVA_HOME>\jre\lib\security”, where <JAVA_HOME> is the root directory of the Sun JDK 6 
installation. This file is the Trusted CA Keystore that comes with the Sun JDK 6 installation.
Step 3
Import the signer certificate into the “cacerts” keystore by executing the following commands in a 
Command Prompt window or a Console window:
cd <JAVA_HOME>\jre\lib\security
<JAVA_HOME>\bin\keytool -import -trustcacerts -alias extws -noprompt -file C:\temp\extws.cer -keystore cacerts -storepass changeit
Note
In the “keytool” command above, it is assumed that the password for the “cacerts” keystore file is still 
the default value of “changeit”. Replace this with the correct value for the password in your environment. 
For the -alias parameter, you can replace the value “extws” with an appropriate alias you plan to use for 
this signer certificate. If you import multiple signer certificates, make sure to assign a unique alias name 
to each signer certificate.
Step 4
Restart the Service Link service.
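
The steps above as one PowerShell script, with a fingerprint check added before the import because -noprompt suppresses keytool's own "Trust this certificate?" confirmation. This is an added example, not part of the Cisco guide; the expected fingerprint is a placeholder to be obtained from the external web server's administrator, and the variable names are illustrative.

```powershell
# Added example (not from the Cisco guide). Values below are assumptions.
$JavaHome       = $env:JAVA_HOME          # JDK root used by Service Link
$CertFile       = 'C:\temp\extws.cer'     # file copied in Step 1
$Alias          = 'extws'                 # unique alias, as in Step 3
$StorePass      = 'changeit'              # replace with your cacerts password
$ExpectedSha256 = '<SHA-256 fingerprint from the web server administrator>'  # placeholder

$Keytool  = Join-Path $JavaHome 'bin\keytool.exe'
$Keystore = Join-Path $JavaHome 'jre\lib\security\cacerts'

# Load the Base64-encoded certificate and hash its DER bytes.
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $CertFile
$sha256 = [System.Security.Cryptography.SHA256]::Create()
$actual = [BitConverter]::ToString($sha256.ComputeHash($cert.RawData)) -replace '-', ''

# Compare with the fingerprint received out-of-band (colons and spaces ignored).
$expected = $ExpectedSha256 -replace '[:\s]', ''
if ($actual -ne $expected) {
    throw ('Fingerprint mismatch for {0}: computed {1}' -f $CertFile, $actual)
}
if ($cert.NotAfter -lt (Get-Date)) {
    throw ('Certificate expired on {0}' -f $cert.NotAfter)
}

# Keep a copy of the truststore so the change can be rolled back.
Copy-Item -Path $Keystore -Destination ("$Keystore.{0:yyyyMMddHHmmss}.bak" -f (Get-Date))

# Step 3 of the guide: import the signer certificate.
& $Keytool -import -trustcacerts -alias $Alias -noprompt -file $CertFile `
    -keystore $Keystore -storepass $StorePass
if ($LASTEXITCODE -ne 0) { throw "keytool import failed (exit code $LASTEXITCODE)" }

# Show the stored entry so the alias, owner and validity dates can be reviewed.
& $Keytool -list -v -alias $Alias -keystore $Keystore -storepass $StorePass
```

Run it as the “administrator” user of the Service Link machine, then restart the Service Link service as in Step 4.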