Adding a signer certificate to a keystore

This topic describes how to add a signer certificate to the Trust Store.

Before you begin

You need to receive a certificate issued by a certificate authority.

About this task

Signer certificates establish the trust relationship in SSL communication. You can extract the signer part of a personal certificate from a keystore, and then you can add the signer certificate to other key stores.
Note: If you restart the TBSM Dashboard server without completing this step (adding the signer certificate to the Trust Store, the TBSM Dashboard will not be able to connect to the TBSM Data server at all. And therefore, you'll have no access to TBSM whatsoever (not even the items previously accessible when step 2 was completed). However, please note that this step once completed, will allow the Dashboard server to connect to the Data server (without the need to restart any of the components). In this step, all we need to do, is add the CA's Intermediate certificate.

Complete the following steps in the administrative console:

Procedure

  1. Click Security > SSL certificate and key management.
  2. From the page that opens, under Configuration settings, click Manage endpoint security configurations.
  3. On the page that opens, select either the Inbound or Outbound node SSL configuration, depending on the certificate you are adding.
    For example: to select the Inbound connection, click:

    Inbound > JazzSMNode01Cell -> Nodes -> JazzSMNode01(NodeDefaultSSLSettings)

  4. On the page that opens, under Related Items, click Key store and certificates, under 'Related Items'
  5. On the page that opens, click NodeDefaultTrustStore.
  6. On the page that opens, under Additional Properties, click Signer certificates.
  7. On the page that opens, click Add.
  8. From the page that opens:
    1. Enter the alias for the signer certificate in the Alias field .
    2. Enter the full path to the signer certificate file in the File name field
    3. Select the data type from the list in the Data Type field
    4. Click Apply.
  9. In the message box that opens, click Save.

Results

When these steps are completed, the signer from the certificate file is stored in the keystore. You can see the signer in the keystore files list of signer certificates. Use the keystore to establish trust relationships for the SSL configurations.

What to do next

You need to enable the new SSL Certificate.