Generating Truststore for SC Web Access

Use

You use this procedure to generate a Truststore which is needed for authenticating users for SC web access (connection to Connection Web Server, COWS).

Procedure

Note: This procedure uses the default certificate file. If you use some other name, make sure you enter it in Infrastructure Administrator in COWS variableJava Keystore Settings for Connection Web Server > Truststore File Name for SSL CA Certificates.
  1. Open Internet Explorer on the machine where the client certificate is located.

  2. Go to Options > Content > Certificates > Intermediate Certification Authorities and choose the certificate.

  3. Double-click the certificate to open it.

  4. Choose Details and Copy to file.

  5. Click Next.

  6. Only in Windows 2008 R2: When asked to include the private key, select No private key and click Next.

  7. Select DER encoded binary X. 509 (.CER) and click Next.

  8. Choose the place where you save the file and enter the name mycert.cer.

  9. Click Next and then Finish.

  10. When you have exported the certificate, go to Command Prompt and run the following command:

    keytool -import -keystore cows_trustedstore -file mycert.cer

  11. When asked Trust this certificate? answer y.

When you have installed the COWS packages, a folder called /certificates/cacerts is created in the root directory of the virtual unit, place cows_trustedstore there.

Additionally, to enable user authentication with a certificate:

  • Check that the appropriate variables have been defined during installation, see Connection Web Server (COWS).
  • Define the certificate for users in System Configurator > User and Role Management > Users > Certificates, see Defining Client Certificates.
  • Make sure that the appropriate client certificate is in the browser’s certificate store on the client workstation.