Symantec IGA

  • 1.  Web UI SSL Cert in CA VAPP

    Posted Dec 13, 2018 07:48 AM

    Hi

    I am trying to install the web UI SSL certificate in CA Vapp. While trying to generate the keystore I am getting an error.

    Error:

    keytool error: java.io.FileNotFoundException: IAM*** (Permission denied)

    Do we have to give any extra permission, or do we have to perform this operation with a specific user? As I am trying this task first with CA Virtual Appliance, your support and view on my concern would be helpful.

    BR

    Kirupakaran



  • 2.  Re: Web UI SSL Cert in CA VAPP

    Posted Dec 13, 2018 10:34 AM

    You might not be in the right directory or a writable directory.

    Run whoami, pwd and send the results along with the command you are entering.



  • 3.  Re: Web UI SSL Cert in CA VAPP

    Posted Dec 13, 2018 11:41 PM

    Hi Larry

    Thanks for your response. PFA screenshot and share your view which would be helpful. Awaiting Reply!

    BR

    Kirupakaran



  • 4.  Re: Web UI SSL Cert in CA VAPP

    Posted Dec 14, 2018 01:59 AM

    Hi Larry

    If we have to run this command with a different user other than config, where do we find the password for other users? We are only aware of the config user password.

    BR

    Kirupakaran



  • 5.  Re: Web UI SSL Cert in CA VAPP

    Broadcom Employee
    Posted Dec 14, 2018 11:01 AM

    Perhaps you should try to run the command from config home and execute the command with full path and see if the problem remains.



  • 6.  Re: Web UI SSL Cert in CA VAPP
    Best Answer

    Posted Dec 14, 2018 12:20 PM

    Hi Kirupakaran

    https://docops.ca.com/ca-identity-suite/14-2/en/virtual-appliance/administering-virtual-appliance

    The embedded httpd service is using the standard JDK keystore, cacerts, and the permissions have been open for this keystore file to replace any CA certs or server certs.

    Administering Virtual Appliance - CA Identity Suite - 14.2 - CA Technologies Documentation

    keytool -list -v -keystore /opt/CA/jdk1.8.0_71/jre/lib/security/cacerts -storepass changeit

    keytool -printcert -v -file /opt/CA/VirtualAppliance/custom/apache-ssl-certificates/localhost.crt

    ls -lart /opt/CA/VirtualAppliance/custom/apache-ssl-certificates

    ls -lart /opt/CA/jdk1.8.0_71/jre/lib/security/cacerts

    See permission for the "config" userID.

    Note: The Wildfly certs will use different keystore(s).

    See if the links below are useful, if you plan to use external load balancers:

    Steps to update the server cert for Wildfly for TCP 8443

    Administering Virtual Appliance - CA Identity Suite - 14.2 - CA Technologies Documentation

    Cheers,

    A.
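
The "Permission denied" error and the whoami / pwd / ls checks suggested in replies 2 and 6 can be combined into one pre-flight check before running keytool. This is an added example, not part of the original thread or the product's tooling; `keystore_write_check`, `keystore_report` and the file name `example.jks` are constructed for illustration.

```shell
#!/bin/sh
# Added example; keystore_write_check and keystore_report are hypothetical helper names.

# Print one word saying whether the current user can create or update the
# keystore file at $1: ok | missing-dir | dir-not-writable | file-not-writable
keystore_write_check() {
    target=$1
    # keytool resolves a relative -keystore path against the current directory.
    case $target in
        /*) ;;
        *)  target=$(pwd)/$target ;;
    esac
    dir=$(dirname "$target")

    if [ ! -d "$dir" ]; then
        echo "missing-dir"
    elif [ -e "$target" ] && [ ! -w "$target" ]; then
        echo "file-not-writable"      # existing keystore is read-only for this user
    elif [ ! -e "$target" ] && { [ ! -w "$dir" ] || [ ! -x "$dir" ]; }; then
        echo "dir-not-writable"       # a new file cannot be created here
    else
        echo "ok"
    fi
}

# Collect the context asked for in the thread: user, directory, permissions.
keystore_report() {
    echo "user:   $(whoami)"
    echo "cwd:    $(pwd)"
    echo "result: $(keystore_write_check "$1")"
    ls -ld "$(dirname "$1")" 2>/dev/null || true
}

# Usage (example.jks is a constructed file name):
#   keystore_report example.jks
```

A result other than `ok` points to the directory or file whose ownership and mode should be compared against the user running keytool.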