Updating the keystore with trusted certificate entry type

This procedure describes how to update the keystore where the certificate is a trusted certificate entry type.

To update the keystore with trusted certificate entry type:

1. Stop the Control-M Web Services API service or process, as described in Stopping Control-M Web Services API.
2. Do one of the following:
   • Windows: Open a command prompt.
   • UNIX: Open a UNIX session under the agent ID where Control-M Web Services API is installed.
3. Rename the server.keystore to server.keystore.orig in the <CTM BPI IFC DIR>/conf directory.
4. Create the new server.keystore by importing the PKCS12 type keystore that have both signed cert and private key for that cert, as follows:

   >keytool -importkeystore -deststorepass sslServerPassword -destkeystore conf/server.keystore -srckeystore <fully qualified path to the source keystore> -srcstoretype PKCS12

5. Do one of the following:
   • Change the alias in the keystore to sslserver, as follows:

     >keytool -changealias -keystore ./conf/server.keystore -alias <original alias name> -destalias sslserver -storepass sslServerPassword

   • Change the ctm.bpi.ifc.ws.sslServerAlias value in the <CTM BPI IFC DIR>/conf/ctm.bpi.ifc.ws.properties file.
6. Change the private keypass inside the keystore to match the password specified by the ctm.bpi.ifc.ws.sslServerAliasPassword value, as follows:

   >keytool -keypasswd -keystore ./conf/server.keystore -alias sslserver -storepass sslServerPassword

7. Restart the Control-M Web Services API service or process.