Generating Truststore for ECF

Use

You use this procedure to generate a Truststore which is only needed if you use a certificate for authenticating ECF users.

Procedure

Note:

This procedure uses the default certificate file ecfs_trustedstore. If you use some other name, make sure you enter it in Infrastructure Administrator > Java Keystore Settings > Truststore File for NIO Connector.

  1. Open Internet Explorer on the machine where the SSO certificate is located.

  2. Go to Options > Content > Certificates > Intermediate Certification Authorities and choose the certificate.

  3. Double-click the certificate to open it.

  4. Choose Details and Copy to file.

  5. Click Next.

  6. Only in Windows 2008 R2: When asked to include the private key, select No private key and click Next.

  7. Select DER encoded binary X. 509 (.CER) and click Next.

  8. Choose the place where you save the file and enter the name mycert.cer.

  9. Click Next and then Finish.

  10. When you have exported the certificate, go to Command Prompt and run the following command:

    keytool -import -keystore ecfs_trustedstore -file mycert.cer

  11. When asked Trust this certificate? answer y.

When you have installed the ECF packages, create a folder called ecf in the root directory of the ECF virtual unit and place ecfs_trustedstore there.

Additionally, to enable user authentication with a certificate:

  • Check that the appropriate variables have been defined during installation, see ECF Web Server Variables.

  • Define the certificate for users in System Configurator > User and Role Management > Users, see Defining Client Certificates.

  • Make sure that the appropriate client certificate is in the browser’s certificate store on the client workstation.