Exporting a Local Certificate to a Policy Management Server

To export a local certificate through a secure connection between the CMP system and a Policy Management server:

  1. Log in to the platcfg utility using one of two methods, either from the system console using root or through an SSH remote session using admusr.
    • To access the platcfg utility from the system console:
      1. Log in as root.
      2. Enter su - platcfg.
    • To access the platcfg utility through an SSH remote session:
      1. Log in as admusr.
      2. Enter sudo su - platcfg.

    Note: The dash (-) is required in the su - platcfg or the sudo su - platcfg command to ensure proper permissions.

  2. Select Policy Configuration from the Main Menu screen and press Enter.
  3. Select SSL Key Configuration from the Policy Configuration Menu screen and press Enter.
  4. Select Configure Keystore from the Configure SSL keys Menu screen and press Enter.
  5. Select Export key from the Operate keystore Menu screen and press Enter.
  6. Enter the Keystore Password, select OK, and press Enter.
  7. Press Enter to accept the alias tomcat.

    The Export Certificate screen opens.

  8. Select the certificate type binary, enter the local certificate file path, select OK, and press Enter.

    The certificate is exported.

  9. When the certificate is exported, a successful completion message displays.

    Press Enter.

  10. Log in as admusr on the active server of the CMP cluster and enter the following commands:
    1. sudo su -
    2. scp admusr@active_server_addr:remote_path/file.cer local_path
    In this example, active_server_addr is mpe-01, remote_path is /tmp, file is mpe-a.cer, and local_path is /tmp:
    # scp admusr@mpe01:/tmp/mpe-a.cer /tmp
    mpe-a.cer
    # 

    The certificate is copied to the active CMP server.