Add the certificate to the list of trusted certificates

To connect to the IXIA TEXTML Server, you must provide the list of related clients with the IXIA TEXTML Server signed certificate in the list of trusted certificates.

About this task

To add the signed certificate of authenticity (CA) to the list of trusted certificates, you must run the keytool command in the JRE or JDK for each client.

  • If you get an error message indicating that the certificate cannot be trusted, you need to add the root certificate for the trusted authority, since the default certificate store rarely contains the root certificates for your installation. Contact your commercial root certificate authority (CA) for more information.

  • If you receive an error message that indicates the user or password doesn't exist, it's likely your root certificate is not installed in the certificate store. Install and also make sure all intermediate certificates are installed.

To add the CA to the list of trusted certificates:

Procedure

  1. On the system with the installed component, copy the root CA and any Intermediate certificate to a temp folder c:\temp or /tmp.
    Important: You must be in the JRE/bin or JDK/bin folder used by each CCMS component. Each component's configuration entry is specific to the JRE or JDK location for that component.
    Table 1. JRE or JDK paths for components

    Client

    Platform

    Sample path

    IXIA CCMS Desktop

    Windows

    C:\ixiasoft-ccms\cms-<instance name>\jre\bin

    Note: Do this for each <instance name>.

    IXIA CCMS Output Generator

    Windows

    %install_dir%\jdk\bin

    Linux

    %install_dir%/jdk/bin

    IXIA CCMS Scheduler

    Windows

    %install_dir%\jdk\bin

    Note: Wherever defined in the wrapper.conf file.

    Linux

    %install_dir%/jdk/bin

    Note: Wherever defined in the wrapper.conf file.

    CCMS Web

    Windows

    c:\Ixiasoft\ccms\jdk-11\bin

    Linux

    /opt/ixiasoft/ccms/jdk-11/bin

    Java Console

    Windows

    C:\Program Files\IxiaSoft\TextmlServer44\TextmlAdminJava\jre\bin

    Linux

    /opt/ixiasoft/bin/5167/textmladminjava/jre/bin
  2. Open a command prompt and go to the \jre\bin directory for the client.
  3. Run the appropriate command, based on your platform.
    Table 2. Platform-specific keytool commands

    Platform

    Commands

    Windows

    		 
    keytool -importcert -keystore ..\lib\security\cacerts -storepass changeit -file c:\temp\textml_root_cert.pem -alias company_root_ca
    		 
    keytool -importcert -keystore ..\lib\security\cacerts -storepass changeit -file c:\temp\textml_intermediate_cert.pem -alias company_intermediate_ca

    Linux

    		 
    keytool -importcert -keystore ..\lib\security\cacerts -storepass changeit -file /tmp/textml_root_cert.pem -alias company_root_ca

    keytool -importcert -keystore ..\lib\security\cacerts -storepass changeit -file /tmp/textml_intermediate_cert.pem -alias company_intermediate_ca
  4. In the resulting message and at the prompt to trust the certificate, enter yes.
    The certificate is added to the keystore.
  5. Repeat this procedure for every client that connects to the IXIA TEXTML Server.

    Related clients for connection could includeIXIA CCMS Desktop, IXIA CCMS Output Generator, IXIA CCMS Scheduler, and IXIA CCMS Web.

    Note: If you get an error message, make the pertinent changes and try again.

Results

The CA is added to the list of trusted certificates. The next sub-step is to enable SSL for each component connection you identified in this certification process in the steps above.