Configuring the Certificate Authority

Prerequisites: In order to use SSL to communicate with the Verizon UniCERT UPI CA, you must first:

Create a JKS TrustStore to load the trusted certificates, for example:

keytool -import -alias root1  -keystore UpiTrust.jks -file UpiCA.cer –storepass <password>

Use the Tomcat GUI application (for example, tomcat9w) to add Java™ system properties to the system to specify the TrustStore, for example:
Copy
```
Djavax.net.ssl.trustStore=C:\Program Files\HID Global\Credential Management System\certificates\UpiTrust.jks
```

This section describes how to configure the ActivID CMS Operator Portal for Verizon UniCERT UPI.

For detailed instructions on creating connections to CAs in ActivID CMS, refer to Procedures for Configuring Connections to Certificate Authorities.

Log on to the ActivID CMS Operator Portal with an ActivID CMS Administrator certificate.
Click the Configuration tab, and then click Repositories.
Click Add Certificate Authority, and then from the drop-down list, select Verizon Unicert UPI Authority. For Template, accept Default UPI configuration template.
Click Submit.
Enter a Name for the Certificate Authority.
Enter all the required values.
Note:
- If you are using SSL, refer to the prerequisites abpve.
- If you are using an HSM A Hardware Security Module (HSM) securely stores secret key material. They are similar to large-storage, multisession smart cards. However, unlike smart cards, they are used mainly on the server side of a system., refer to Configuration Using the RRO Stored in an HSM
Click Test to verify the CA configuration.
Click Create. A confirmation message appears.
Click Done.