Importing the Server Root Certificate (Java)
When RSA Authentication Manager is installed, the system creates a self-signed root certificate and stores it in the RSA_AM_HOME/server/security/server_name.jks keystore. This certificate must be exported from the server and imported into the keystore for remote API clients. Use the Java keytool, as described in the following sections, to export and import the certificate into Java clients.
To export the server root certificate:
Change directories to RSA_AM_HOME/appserver/ and enter the following:
jdk/jre/bin/keytool -export -keystore RSA_AM_HOME/server/security/server_name.jks -file am_root.cer -alias rsa_am_ca
Where:
- RSA_AM_HOME is a generic placeholder for the /opt/rsa/am path
- server_name.jks is a placeholder for the caStore.jks keystore
At the prompt for keystore_password, press Enter without entering the password.
Ignore the warning message that appears; the server root certificate will still be exported.
To import the server root certificate (Java):
Locate the server root certificate file that you exported from Authentication Manager. Copy it to the
The copied certificate can be imported either into the default Java trust store, that is, cacerts, or into a separate trust store, for example, trust.jks.
To import the certificate into the default Java trust store, use the following steps:
Copy and paste the attached RSA.cer under JAVA_HOME/JRE/lib/security
Note: JAVA_HOME is your JDK home path. For example, C:\JDK_1.8.0_18
Open the command prompt, navigate to the JAVA_HOME/JRE/lib/security directory, and enter the following command:
keytool -keystore cacerts -importcert -alias "rsa_am_cer" -file am_root.cer
Provide your cacerts keystore password to import the server root certificate. The Java default is "changeit".
To import the certificate into the separate trust store, change directories to JAVA_HOME/jre/bin and enter the following:
keytool -import -keystore SDK_HOME/lib/java/trust.jks -storepass cacerts_keystore_password -file am_root.cer -alias rsa_am_ca -trustcacerts
The Java keytool displays a confirmation that the certificate was added to the keystore.
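
After the import, the trust store entry can be checked against the exported file before any client relies on it. The following is an added example, not part of the RSA documentation or SDK: it loads the trust store, confirms the alias holds a trusted certificate entry, and compares its SHA-256 fingerprint with that of am_root.cer. The class name VerifyImportedRoot and the STOREPASS environment variable are assumptions made for this example.

```java
import java.io.Console;
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;

// Added example (hypothetical class name). Usage:
//   java VerifyImportedRoot <truststore> <alias> <exported-cert-file>
public class VerifyImportedRoot {

    // SHA-256 over the certificate's DER encoding, as colon-separated hex.
    static String fingerprint(Certificate cert) throws Exception {
        byte[] d = MessageDigest.getInstance("SHA-256").digest(cert.getEncoded());
        StringBuilder sb = new StringBuilder();
        for (byte b : d) sb.append(sb.length() > 0 ? ":" : "").append(String.format("%02X", b));
        return sb.toString();
    }

    public static void main(String[] args) throws Exception {
        if (args.length != 3) {
            System.err.println("usage: VerifyImportedRoot <truststore> <alias> <cert-file>");
            System.exit(2);
        }
        // Prompt for the store password; STOREPASS is an assumed fallback
        // variable for non-interactive runs.
        Console console = System.console();
        char[] pass = console != null
                ? console.readPassword("Trust store password: ")
                : System.getenv().getOrDefault("STOREPASS", "").toCharArray();

        // Loading with the password makes Java check the store's integrity.
        KeyStore ks = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(args[0])) {
            ks.load(in, pass);
        }
        if (!ks.isCertificateEntry(args[1])) {
            System.err.println("No trusted certificate entry under alias " + args[1]);
            System.exit(1);
        }
        Certificate exported;
        try (InputStream in = new FileInputStream(args[2])) {
            exported = CertificateFactory.getInstance("X.509").generateCertificate(in);
        }
        String stored = fingerprint(ks.getCertificate(args[1]));
        boolean match = stored.equals(fingerprint(exported));
        System.out.println("SHA-256 " + stored + (match ? "  MATCH" : "  MISMATCH"));
        System.exit(match ? 0 : 1);
    }
}
```

Comparing the printed fingerprint with the one displayed for the rsa_am_ca entry on the Authentication Manager host also confirms that the file was not altered while it was being copied to the client.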