Creating a Server Truststore
This section briefly explains how to generate a server truststore containing the CA The Certificate Authority (CA) issues and manages security credentials and public keys for message encryption in a networks environment. certificate(s) to authenticate the ActivID CMS Web server certificate. Complete the following tasks.
-
Locate the bin folder of the PKI renewal tool.
C:\Program Files\HID Global\Tools\Automatic_Cert_Renewal\bin.
-
Copy all CA certificates into the bin folder.
-
Open a DOS command line, and change directory (cd) to the bin folder.
Launch the setenv.bat batch file.
-
Change (cd) to the following directory:
C:\Program Files\HID Global\Tools\Automatic_Cert_Renewal\
-
Run the following command:
Copykeytool –import –alias cert0 –keystore server.truststore –trustcacerts –file .\root.cer
Note: The alias cert0 and the root.cer filename in this example correspond to the first CA certificate you want to install. -
When prompted for a keystore password, enter the password (in this example, it is “password”).
-
When prompted to decide if you trust the certificate, enter “yes” to trust this certificate.
-
If you need to add other CA certificates, execute the same command. Modify -alias (for example, -alias1 or -alias2) and the certificate file name (root3.cer or root5.cer) to identify a different CA certificate.
-
Copy and move the newly created server.truststore file to the Automatic_Cert_Renewal/conf/certificates folder.