Storing new certificates

This procedure describes how to store the CA and signed certificates. Default CA and application certificates are provided and stored in standard PEM format.

To store a Root Certificate Authority (CA) and signed certificates:

  1. Place the certificates (ca_cert.pem, cert_name.pem, and cert_name_priv_key.pem) in a new directory.

    EXAMPLE: <Control-M/EM Home Directory>/ini/ssl/new_ca

  2. Update the ssl_client_server.conf and ssl_ns.conf files in the <Control-M/EM Home Directory>/etc directory by changing the names of the demonstration certificates to the names of your certificates. Parameters for ssl_client_server.conf are described in ssl_client_server.conf parameters.

    EXAMPLE: If the original content of the ssl_client_server.conf file is:

    dynamic SSLIOP_Factory Service_Object * TAO_SSLIOP:_make_TAO_SSLIOP_Protocol_Factory() "
      -SSLAuthenticate SERVER_AND_CLIENT
      -SSLPrivateKey 'PEM:/home/ecs1/ctm_em/ini/ssl/CertDemoU_pk.pem'
      -SSLCertificate 'PEM:/home/ecs1/ctm_em/ini/ssl/CertDemoU.pem'
      -SSLCAfile 'PEM:/home/ecs1/ctm_em/ini/ssl/new_ca.pem'
      -SSLrand /home/ecs1/ctm_em/ini/ssl/rnd.bin"
    static Client_Strategy_Factory "-ORBConnectStrategy blocked"
    static Resource_Factory "-ORBProtocolFactory SSLIOP_Factory"

    Change the full path names of the certificates (the PEM: paths above) to the names of your certificates.

    In this example, authentication of both the server and the client is required because the -SSLAuthenticate parameter is set to SERVER_AND_CLIENT.
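A check to run after step 2, given here as an added example and not part of the product or its documentation: it reads the text of ssl_client_server.conf, extracts the three PEM: paths, and reports any that still name a demonstration certificate, point to a missing file, or hold the wrong kind of PEM block. The function names, the `CertDemo` marker (taken from the file names in the example above) and the owner-only permission check on the private key are assumptions of this example.

```python
import os
import re
import stat
import tempfile

# Option -> PEM label its file must contain ("RSA PRIVATE KEY" etc. also match).
EXPECTED = {"-SSLPrivateKey": "PRIVATE KEY", "-SSLCertificate": "CERTIFICATE",
            "-SSLCAfile": "CERTIFICATE"}
OPTION_RE = re.compile(r"(-SSL(?:PrivateKey|Certificate|CAfile))\s+'?PEM:([^'\s\"]+)")
PEM_RE = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----")


def audit_conf(conf_text, demo_marker="CertDemo"):
    """Return (option, path, problem) tuples for the PEM: paths in conf_text."""
    findings, seen = [], set()
    for option, path in OPTION_RE.findall(conf_text):
        seen.add(option)
        if demo_marker in os.path.basename(path):
            findings.append((option, path, "still names a demonstration certificate"))
        if not os.path.isfile(path):
            findings.append((option, path, "file not found"))
            continue
        with open(path, "r", errors="replace") as fh:
            labels = PEM_RE.findall(fh.read())
        if not any(label.endswith(EXPECTED[option]) for label in labels):
            findings.append((option, path, "no %s PEM block" % EXPECTED[option]))
        # Added hardening check (not from the page): key must be owner-only.
        if option == "-SSLPrivateKey" and stat.S_IMODE(os.stat(path).st_mode) & 0o077:
            findings.append((option, path, "private key readable by group/others"))
    findings += [(o, None, "option missing") for o in EXPECTED if o not in seen]
    return findings


def build_sample(directory):
    """Write constructed placeholder PEM files; return a conf text that uses them."""
    files = {"ca_cert.pem": "CERTIFICATE", "cert_name.pem": "CERTIFICATE",
             "cert_name_priv_key.pem": "RSA PRIVATE KEY"}
    for name, label in files.items():
        path = os.path.join(directory, name)
        with open(path, "w") as fh:
            fh.write("-----BEGIN %s-----\nconstructed\n-----END %s-----\n" % (label, label))
        os.chmod(path, 0o644)  # deliberately too open for the key file
    return ("-SSLPrivateKey 'PEM:%s/cert_name_priv_key.pem'\n"
            "-SSLCertificate 'PEM:%s/CertDemoU.pem'\n"  # demo name left unchanged
            "-SSLCAfile 'PEM:%s/ca_cert.pem'\n" % ((directory,) * 3))


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for option, path, problem in audit_conf(build_sample(tmp)):
            print(option, path, problem)
```

The check covers file presence and PEM block type only; it does not confirm that the certificate matches the private key or chains to the CA.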
