Creating a Server Truststore

This section briefly explains how to generate a server truststore containing the CA certificate(s) used to authenticate the ActivID CMS Web server certificate. The Certificate Authority (CA) issues and manages security credentials and public keys for message encryption in a network environment. Complete the following tasks.

  1. Locate the bin folder of the PKI renewal tool.

    C:\Program Files\HID Global\Tools\Automatic_Cert_Renewal\bin

  2. Copy all CA certificates into the bin folder.

  3. Open a DOS command line, and change directory (cd) to the bin folder.

    Launch the setenv.bat batch file.

  4. Change (cd) to the following directory:

    C:\Program Files\HID Global\Tools\Automatic_Cert_Renewal\

  5. Run the following command:

    keytool -import -alias cert0 -keystore server.truststore -trustcacerts -file .\root.cer

    Note: The alias cert0 and the root.cer filename in this example correspond to the first CA certificate you want to install.
  6. When prompted for a keystore password, enter the password (in this example, it is “password”).

  7. When prompted to decide if you trust the certificate, enter “yes” to trust this certificate.

  8. If you need to add other CA certificates, execute the same command. Modify -alias (for example, -alias1 or -alias2) and the certificate file name (root3.cer or root5.cer) to identify a different CA certificate.

  9. Copy and move the newly created server.truststore file to the Automatic_Cert_Renewal/conf/certificates folder.
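
The batch file below is an added example, not part of the vendor procedure. It repeats the import from step 5 for every CA certificate, printing each certificate's fingerprints before the trust prompt, and then lists the finished truststore. It assumes that it runs from the Automatic_Cert_Renewal folder after setenv.bat, that setenv.bat has put keytool on the PATH, and that the CA certificates are the *.cer files in the bin folder; the CERT_DIR and STORE variable names are illustrative.

```bat
@echo off
rem Added example: import every CA certificate with a unique alias and
rem let the operator check each fingerprint before trusting it.
rem Assumption: run from the Automatic_Cert_Renewal folder after bin\setenv.bat.
setlocal EnableDelayedExpansion

rem Assumption: CA certificates were copied to bin\ (step 2). Adjust if needed.
set "CERT_DIR=bin"
set "STORE=server.truststore"
set /a N=0

for %%F in ("%CERT_DIR%\*.cer") do (
    echo.
    echo === %%F will be imported as alias cert!N! ===

    rem Show owner, issuer, validity period and fingerprints. Compare the
    rem fingerprint with the value published by the CA before answering "yes".
    keytool -printcert -file "%%F"

    rem Same command as step 5. keytool prompts for the keystore password
    rem and asks whether the certificate should be trusted.
    keytool -import -alias cert!N! -keystore "%STORE%" -trustcacerts -file "%%F"
    if errorlevel 1 (
        echo Import of %%F failed. 1>&2
        exit /b 1
    )
    set /a N+=1
)

if !N! EQU 0 (
    echo No .cer files found in %CERT_DIR%. 1>&2
    exit /b 1
)

rem List the truststore contents. Each alias should appear as a
rem trustedCertEntry with a fingerprint matching one printed above.
echo.
echo === Contents of %STORE% ===
keytool -list -v -keystore "%STORE%"

endlocal
```

Review the listing before copying server.truststore to the conf/certificates folder in step 9, because every certificate in the file becomes a trust anchor for the server connection.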