Symantec IGA

How to configure SSL for imbulkloadclient 

Aug 18, 2015 10:22 AM

In some cases IdentityMinder (Identity Manager) has already been configured for SSL and the bulk load client is configured afterwards. It is then necessary to configure imbulkloadclient for SSL as well. The steps below will guide you through the process.

 

 

Step 1: Identify the correct key in the IM key store
Locate java_home for the application server.
It is best to identify the environment variable in use for java_home.
The keystore will be located here:
java_home\jre\jdk<version>\lib\security

 

Step 2: Go to the keystore in use and export your CA cert chain
keytool -list -v -keystore <your keystore name>
Enter the keystore password.
The above command lists all of the certs in the store.
You are looking for the certificate authority cert chain for your servers.
Once you have identified the cert, export it with:
keytool -export -alias <cert alias> -file <filename> -keystore <your keystore name>
Enter the keystore password.
This will create a cert file with the name that you specified for <filename>.

***If you receive a permissions error, this could be because you are not able to create files in the directory specified; try with /tmp/<filename>

Copy the file to the bulkload client machine

 

Step 3: On the server running the bulkload client, create a folder called sslkeystore
Create the folder under bulkloader:
example: D:\BulkLoader\windows\caim-bulk-loader\sslkeystore
Copy the file exported from the java_home keystore to the bulkload client machine and place it in the folder you just created.

 

Step 4: Import this into the bulkload client keystore
cd to the directory that you created and enter the following (this command also creates the keystore):
keytool -import -alias <aliasname> -file <filename> -keystore imbulkloadclientkeystore.jks
Enter a keystore password.
Choose yes to trust the cert.

 

Step 5: Edit the bulkload client.bat to use SSL
Change these lines:
set TRUSTSTORE=%HOMEDRIVE%%HOMEPATH%\.imbulkloadclientkeystore
set TRUSTSTORE_PASSWORD=changeit
to:
set TRUSTSTORE=..\sslkeystore\imbulkloadclientkeystore.jks
set TRUSTSTORE_PASSWORD=<password you typed during the import>

 

At this point the bulkloadclient will be able to make SSL connections to IdentityMinder.
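The truststore built in Step 4 is only as trustworthy as the file copied in Step 3, so it is worth confirming before the import that the file on the client machine is byte-for-byte the certificate exported in Step 2. The following is an added example, not part of the original article: it computes the SHA-256 fingerprint of the exported file (binary or PEM) so the value noted on the server can be compared on the client. The function names are hypothetical and the sample bytes are constructed.

```python
import base64
import hashlib
import ssl
import sys

PEM_HEADER = b"-----BEGIN CERTIFICATE-----"

# Constructed sample: arbitrary bytes standing in for an exported cert file
# (not a real certificate), in both encodings keytool can write.
SAMPLE_DER = bytes(range(48, 112))
SAMPLE_PEM = (PEM_HEADER + b"\n" + base64.encodebytes(SAMPLE_DER)
              + b"-----END CERTIFICATE-----\n")


def cert_der_bytes(data: bytes) -> bytes:
    """DER bytes of a cert file: binary (keytool default) or PEM (-rfc)."""
    stripped = data.strip()
    if stripped.startswith(PEM_HEADER):
        return ssl.PEM_cert_to_DER_cert(stripped.decode("ascii"))
    return data


def sha256_fingerprint(data: bytes) -> str:
    """Colon-separated upper-case hex, as keytool formats fingerprints."""
    digest = hashlib.sha256(cert_der_bytes(data)).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def normalise(fp: str) -> str:
    """Drop an optional 'SHA256:' label, separators, whitespace and case."""
    fp = fp.upper().replace("SHA256:", "")
    return "".join(ch for ch in fp if ch in "0123456789ABCDEF")


def matches(cert_file: bytes, expected_fp: str) -> bool:
    """True only if the file hashes to the fingerprint noted on the server."""
    expected = normalise(expected_fp)
    return len(expected) == 64 and normalise(sha256_fingerprint(cert_file)) == expected


if __name__ == "__main__":
    if len(sys.argv) == 3:  # usage: script.py <filename> <fingerprint>
        with open(sys.argv[1], "rb") as fh:
            ok = matches(fh.read(), sys.argv[2])
        print("fingerprint matches" if ok else "MISMATCH: do not import")
        sys.exit(0 if ok else 1)
    print(sha256_fingerprint(SAMPLE_DER))  # demo on the constructed sample
```

Run it without arguments on the server side logic of your choice to see the output layout, or with `<filename> <fingerprint>` on the client; a non-zero exit code means the file should not be imported.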

 

Also, if you are using Java 1.7, see another cause for the issue below:

 

Error message:

javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure

 

Just renamed the _uninst folder below “Bulk Loader”; this process will force bulkloaderclient to use the OS Java (1.7) instead of the Java embedded with Bulkloaderclient (1.6).

 

Searching on Google, there is a bug/problem where Java 1.7 sends an “extra” Hello message which, depending on the format, will cause a disconnection.
