Check In CA Certificates from the Console

After you save any CA certificates to a local file, you can check in the CA certificate at the console from the installation directory.

About this task

Common CA certificates are contained in a JKS keystore that is part of the JVM that is shipped with Sterling B2B Integrator. The JKS keystore is located at /install_dir/jdk/jre/lib/security/cacerts. You may also obtain certificates externally.

To import certificates into the Sterling B2B Integrator trusted repository, modify the command at /install_dir/bin/ImportCACerts.sh (UNIX) or \install_dir\bin\ImportCACerts.cmd (Windows).

Before you begin, save any CA certificates obtained externally to a local file.

To check in a CA certificate at the console:

Procedure

  1. Navigate to the installation directory.
  2. Navigate to the bin directory.
  3. Enter this command:

    (UNIX) ./ImportCACerts.sh

    (Windows) ImportCACerts.cmd

    All certificates in the file are listed, one at a time, with these exceptions:
    • Entries containing symmetric or private keys are not processed or listed.
    • Only the first certificate in a DER-format file is processed and listed.
  4. Following the prompts, enter Y (not case-sensitive) for any certificate you want to import.
  5. For each certificate accepted, accept the suggested Certificate Name or edit it based on your file naming conventions.
  6. If the certificate label duplicates a label already in the database, enter Y or N (not case-sensitive) to indicate if you want to change the label.
    Although certificates are not generally identified by label and the database allows duplicate labels, some services look up certificates by label. Avoid duplicate labels to prevent unexpected behavior.
  7. If the certificate duplicates a certificate already in the database (as indicated by the SHA1 hash of the certificate), specify with Y or N whether you want to import the duplicate.

    Certificates are identified by SHA1 hash for purposes of determining duplicates. More than one copy of a certificate can be present in the database, since each will populate a different row and have a distinct object ID. The existing certificate is not overwritten.
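
The following pre-check is an added example, not part of the product or its documentation. It applies the listing rules above to a certificate file before you run the import and reports SHA1 fingerprints with duplicates flagged. It assumes the hash is the standard SHA-1 fingerprint over the certificate's DER encoding; the function names, the known_fps set (fingerprints you already trust, supplied by you), and the sample bytes are constructed for illustration.

```python
import base64
import hashlib
import re

PEM_BLOCK = re.compile(rb"-----BEGIN ([A-Z0-9 ]+)-----(.*?)-----END \1-----", re.S)

def first_der_object(data):
    """Return only the first DER SEQUENCE in data, decoding its length header."""
    if len(data) < 2 or data[0] != 0x30:
        raise ValueError("not a DER SEQUENCE")
    if data[1] < 0x80:                         # short-form length
        end = 2 + data[1]
    else:                                      # long form: next k bytes hold the length
        k = data[1] & 0x7F
        if k == 0 or len(data) < 2 + k:
            raise ValueError("unsupported or truncated DER length")
        end = 2 + k + int.from_bytes(data[2:2 + k], "big")
    if end > len(data):
        raise ValueError("truncated DER object")
    return data[:end]

def candidate_certs(data):
    """DER bytes of each certificate the listing rules above would show."""
    blocks = PEM_BLOCK.findall(data)
    if blocks:                                 # PEM: CERTIFICATE blocks only, keys skipped
        return [base64.b64decode(body) for label, body in blocks
                if label == b"CERTIFICATE"]
    return [first_der_object(data)]            # DER: first certificate only

def sha1_fingerprint(der):
    return hashlib.sha1(der).hexdigest().upper()

def precheck(data, known_fps=frozenset()):
    """Return (fingerprint, status) per candidate, in file order."""
    seen, report = set(), []
    for fp in map(sha1_fingerprint, candidate_certs(data)):
        status = ("already-in-store" if fp in known_fps
                  else "repeated-in-file" if fp in seen else "new")
        seen.add(fp)
        report.append((fp, status))
    return report

def to_pem(der, label=b"CERTIFICATE"):
    return (b"-----BEGIN " + label + b"-----\n" + base64.encodebytes(der)
            + b"-----END " + label + b"-----\n")

# Constructed stand-ins: minimal DER SEQUENCEs, not real certificates.
CERT_A, CERT_B = bytes([0x30, 0x03, 0x02, 0x01, 0x01]), bytes([0x30, 0x03, 0x02, 0x01, 0x02])
BUNDLE = to_pem(CERT_A) + to_pem(b"\x00" * 8, b"PRIVATE KEY") + to_pem(CERT_B) + to_pem(CERT_A)

if __name__ == "__main__":
    for fp, status in precheck(BUNDLE, known_fps={sha1_fingerprint(CERT_B)}):
        print(fp, status)
```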