Replacing CORBA Certificates

This procedure describes how to renew your own CORBA certificate.

Before you begin:

Verify that you have one or all of the following: the signed certificate, its private key, and its CA chain in one of the following formats:

• PEM (Privacy Enhanced Mail) files for each of the following: Certificate, Private Key, and Trusted Root CAs
• PKCS#12 file with the Certificate, private key, and CAs. If the PKCS#12 contains multiple certificates and key pairs, then you must also have available the name of the pair to use.

  NOTE: All components must be signed using the same CA Certificate. Private key passwords must exist for PKCS#12 and PEM, however the Certificate PEM must not to be locked/protected by password.

To replace CORBA certificates:

1. Create a temporary folder in the root directory of the computer where the Control-M/EM resides.
2. Place your pem \ pkcs12 files in the temporary folder.
3. Run the Manage_SSL_BYO script according to the following usage:

   PEM format: Manage_SSL_BYO -input pem

   -component {component name}

   -output { Manage_SSL output deployment directory}

   -output_keystores_password {Component keystore password}

   -certificate {certificate pem file}

   -private_key {certificate private key pem file}

   -password {password for private key pem file}

   -ca_certificates {CA certificate chain PEM file}

   PKCS#12 format: Manage_SSL_BYO -input PKCS#12

   -component {component name}

   -output { Manage_SSL output deployment directory}

   -output_keystores_password {Component keystore password}

   -file {pkcs#12 file to import from}

   -password {password of pkcs#12 file}

   [-cert_and_key_name {name of the certificate and private key to import }]

   Supported -component values:

   CONTROL-M_Agent

   CONTROL-M_Server

   CONTROL-M_EnterpriseManagerServers

   CONTROL-M_BPI

   CONTROL-M_Web_Application

   CONTROL-M_EnterpriseManagerAPI

   CONTROL-M_zOS

   EXAMPLE:

   • To generate Control-M/EM keystore files while using pem files into the CTMEM folder, run the following:

     Manage_SSL_BYO -input pem -component CONTROL-M_EnterpriseManagerServers -output CTMEM -output_keystores -password abcd1234 -certificate certificate.pem -private_key privatekey.pem -password abcd1234 -ca_certificates ca-chain.cert.pem

   • To generate Control-M/EM keystore files while using the all.p12 file into the CTMEM folder, run the following:

     Manage_SSL_BYO -input PKCS#12 -component CONTROL-M_EnterpriseManagerServers -output CTMEM -output_keystores -file em.p12 -password abcd1234 -cert_and_key_name

4. Navigate to <EM Home Directory>.
5. Mark as cert_dir the directory specified by -output in step 3.
6. From your current directory, run the following:
   • UNIX: <cert_dir>/setup.sh corba
   • Windows: <cert_dir>/setup.bat corba