HOW TO: Import StrongKey Certificates (TEST Environment)
This step assumes that you have successfully installed the SKS server and its components, as well as installed the Symmetric Key Client Library (SKCL) . If not, please finish that before continuing with this step. It also assumes that you have downloaded the StrongKey distribution and extracted it into a directory called /usr/tmp. If you have extracted the distribution in a different directory, substitute that directory for /usr/tmp.
In order to use the StrongKey Administration GUI, the Mozilla Firefox browser should be used. If you don't have Mozilla Firefox in your environment, please go to http://www.mozilla.com/firefox/ to install one.
1.
In a shell terminal/Command Prompt window, change directory to the /usr/local/etc/symkey directory. Verify that the cache, client, pkcs11 and the server directories are directly beneath /usr/local/etc/symkey. If not, run the following command.
unzip /usr/tmp/symkey/etc.zip
You should see a list of directories and files being created. Verify again that the cache, client, pkcs11 and the server directories are directly beneath /usr/local/etc/symkey.
2.
change directory to the /usr/local/sjsas82/domains/domain1/config directory, using:
cd /usr/local/sjsas82/domains/domain/config
3.
Copy the /usr/local/etc/symkey/server/crypto/strongkey-keystore.jks to /usr/local/sjsas82/domains/domain1/config directory. The strongkey-keystore.jks file contains the server certificate that the Application Server will use to establish SSL Client Authentication.
cp /usr/local/etc/symkey/server/crypto/strongkey-keystore.jks /usr/local/sjsas82/domains/domain1/config
4.
Make a copy of the original from domain.xml file.
cp domain.xml domain.xml.original
5.
Open the domain.xml file in text editor and delete the following lines form the file.
<jvm-options>-Djavax.net.ssl.keyStore=${com.sun.aas.instanceRoot}/config/keystore.jks</jvm-options>
<jvm-options>-Djavax.net.ssl.trustStore=${com.sun.aas.instanceRoot}/config/cacerts.jks</jvm-options>
6.
After deleting the above lines from domain.xml, now insert the following lines in the same place, which you deleted in the previous step.
<jvm-options>-Djavax.net.ssl.keyStore=${com.sun.aas.instanceRoot}/config/strongkey-keystore.jks</jvm-options>
<jvm-options>-Djavax.net.ssl.keyStorePassword=strongkey</jvm-options>
<jvm-options>-Djavax.net.ssl.trustStore=${com.sun.aas.instanceRoot}/config/strongkey-keystore.jks</jvm-options>
<jvm-options>-Djavax.net.ssl.trustStorePassword=strongkey</jvm-options>
7.
Do a search on the file and replace the cert-nickname form s1as to sks2 in the domain.xml document.
8.
Save the changes and close the domain.xml file.
9.
Close all the browsers windows, and navigate to your home directory. This step assumes that you have successfully installed the latest free version of Mozilla Firefox, if not refer to http://www.mozilla.com/firefox/
10.
On Linux, just type cd in a shell/command terminal and it will take you to the home directory.
11.
Form the home directory,
cd .mozilla/firefox/
12.
In the firefox directory look for a directory which ends with .default, and go there
cd *.default
13.
Make a backup directory, and move all the files which end with .db to that
mkdir backup
mv *.db backup/
14.
Copy the StrongKey Client Certificates to this directory.
cp /usr/local/etc/symkey/pkcs11/*.db .
15.
To verify or display the list of certificates which has been imported to the browser, use the following instructions
Open the browser, and under Edit select Preferences option.
Firefox Preferences page will open up, and click on Advanced and then on Security tab.
Under Security tab, click on View Certificates button.
On Certificate manager page, click on Your certificate tab and view the list of certificates. You should at least see StrongKey Auditor, StrongKey User, StrongKey Administrator, StrongKey Security Officer, and StrongKey Developer.
16.
Remember that strongkey will be the password for all the certificates and security devices.
17.
You have successfully imported StrongKey Certificates to Application Server and Mozilla Firefox browser.