Generating Truststore for ECF
Use
You use this procedure to generate a Truststore which is only needed if you use a certificate for authenticating ECF users.
Procedure
This procedure uses the default certificate file ecfs_trustedstore. If you use some other name, make sure you enter it in .
-
Open Internet Explorer on the machine where the SSO certificate is located.
-
Go to
and choose the certificate. -
Double-click the certificate to open it.
-
Choose Details and Copy to file.
-
Click Next.
-
Only in Windows 2008 R2: When asked to include the private key, select No private key and click Next.
-
Select DER encoded binary X. 509 (.CER) and click Next.
-
Choose the place where you save the file and enter the name mycert.cer.
-
Click Next and then Finish.
-
When you have exported the certificate, go to Command Prompt and run the following command:
keytool -import -keystore ecfs_trustedstore -file mycert.cer
-
When asked Trust this certificate? answer y.
When you have installed the ECF packages, create a folder called ecf in the root directory of the ECF virtual unit and place ecfs_trustedstore there.
Additionally, to enable user authentication with a certificate:
-
Check that the appropriate variables have been defined during installation, see ECF Web Server Variables.
-
Define the certificate for users in Defining Client Certificates.
, see -
Make sure that the appropriate client certificate is in the browser’s certificate store on the client workstation.