On Windows, to enable users to log on to the Command Center using a Common Access Card (CAC) or a client certificate, you must add a Certificate Authority (CA) root certificate to the Tomcat server.
Before You Begin
Obtain a certificate file (.cer or .crt) or a keystore file that contains the client certificate.
Procedure
-
From the command prompt, go to the Base folder.
On Windows, by default, you can run commands from any location because the Base folder is added to the system path.
-
Enable login using one of the following options:
-
To use a certificate file, run the following command:
cvCertTool.cmd -trustcert-filename "<certificate-full-path>" configure-client-verification -
To use a keystore file, run the following command:
cvCertTool.cmd -truststore-filename "<truststore-full-path>" -truststore-password "<password>" -truststore-type "<type>" configure-client-verification
-
-
To add the keystore that contains the revocation list, run the following command:
cvCertTool.cmd -trustcert-filename "<certificate-full-path>" -certificateRevocationList-filename "<revocation-list-full-path>" configure-client-verification -
Restart the Tomcat server.
Results
A new certificateVerification=”optional” element appears in the corresponding server.xml file in the Web Console or Command Center computer.
What to Do Next
If necessary, you can disable client verification by running the following command:
cvcerttool.cmd -remove true configure-client-verificationcommand.