Importing the CA-Signed Certificate

After you obtain the CA-signed certificate, you must import it into your keystore.

If you already have a keystore containing a CA-signed certificate, skip this procedure and configure the Commvault Tomcat service.

Note

If your CA response includes a keystore type or certificate file format that the tool cannot process, you might need to perform the import-ca-certs step manually. To do so, first make a backup copy of your keystore, and then import your CA-issued certificates into the keystore. For instructions, see Creating a CA-Signed Certificate for the Tomcat Server.

Procedure

  1. Verify that the following settings are defined. You should have defined them in the step Defining Settings in the Workspace Configuration File. If any setting is missing, define it before you import the CA-signed certificate.

    • keystore-password*

    • workspace*

    • allow-invalid-certs**

    • ca-root-cert-filename**

    • ca-intermediate-cert-filename**

    • ca-server-cert-filename**

    • instance**

    • keyalg**

    • keysize**

    • keystore-alias**

    • keystore-filename**

    • keytool-executable-path**

      *Required settings that you must enter.

      **Settings with default values that you might need to customize.

    For information about settings, see Settings for the Workspace Configuration File.

  2. Copy the CA-signed certificate to the cacerts folder in your workspace.

    By default, the Commvault Certificate Tool will analyze all of the files in the cacerts folder and attempt to determine automatically which files are root, intermediate, and server certificates. If the process fails, you can use the ca-root-cert-filename, ca-intermediate-cert-filename, and ca-server-cert-filename settings to specify them explicitly.

    Note

    The automatic certificate analyzer recognizes common formats for storing individual certificates and PKCS#7 containers with filenames that end in ".p7b" or ".P7B". The settings for manually specifying individual certificates do not support PKCS#7 containers.

  3. Run the following command:

    cvCertTool.cmd -workspace "workspace_filepath" import-ca-certs

    The keystore contains a CA-signed certificate and is ready for production use.

    Note

    To ensure that the original keystore is not left in an unusable state if something goes wrong, the Commvault Certificate Tool makes a working copy of the keystore and imports the certificates into the copy. If all certificates are imported successfully, the original keystore is renamed or moved into the backups folder, and the working copy is renamed to replace the original keystore. All files involved in this operation are contained in the current workspace.
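
As an added example (not part of the original page and not Commvault code), the following PowerShell script lists every certificate in the cacerts folder from step 2 with a likely role, which helps when automatic analysis fails and the ca-root-cert-filename, ca-intermediate-cert-filename, and ca-server-cert-filename settings must be set by hand. The folder path and the function name Get-CertRole are assumptions, and the role is inferred from the Subject/Issuer match and the Basic Constraints CA flag, not from the tool's own logic.

```powershell
# Added example, not Commvault code: inventory the certificates in a
# workspace cacerts folder before running import-ca-certs.
param(
    # Assumed location; replace with the cacerts folder of your workspace.
    [string]$CaCertsDir = 'C:\CertWorkspace\cacerts'
)

function Get-CertRole {
    param([System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert)
    # Basic Constraints (OID 2.5.29.19) carries the CA flag.
    $bc = $Cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.19' }
    $isCa = [bool]($bc -and $bc.CertificateAuthority)
    # Subject equal to Issuer means self-issued, which is how a root appears.
    if ($Cert.SubjectName.Name -ceq $Cert.IssuerName.Name) { return 'root' }
    if ($isCa) { return 'intermediate' }
    return 'server'
}

$report = foreach ($file in Get-ChildItem -LiteralPath $CaCertsDir -File) {
    $certs = [System.Security.Cryptography.X509Certificates.X509Certificate2Collection]::new()
    try {
        # Import reads single DER/PEM certificates and PKCS#7 containers.
        $certs.Import($file.FullName)
    } catch {
        Write-Warning "Cannot parse $($file.Name): $($_.Exception.Message)"
        continue
    }
    foreach ($c in $certs) {
        [pscustomobject]@{
            File     = $file.Name
            # The manual ca-*-cert-filename settings do not accept PKCS#7 files.
            Pkcs7    = $file.Extension -ieq '.p7b'
            Role     = Get-CertRole $c
            Subject  = $c.Subject
            Issuer   = $c.Issuer
            NotAfter = $c.NotAfter
            Expired  = $c.NotAfter -lt (Get-Date)
        }
    }
}

$report | Sort-Object Role, File | Format-Table -AutoSize

# Assumption of this example: a CA response holds one server certificate.
$servers = @($report | Where-Object Role -eq 'server').Count
if ($servers -ne 1) { Write-Warning "Expected 1 server certificate, found $servers" }
$report | Where-Object Expired | ForEach-Object {
    Write-Warning "Expired certificate in $($_.File): $($_.Subject)"
}
```

Follow the Issuer of the server certificate to the Subject of an intermediate, and so on up to the root, to confirm that the chain is complete before the import.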
