How to Replace the Web Server Certificate for the ATIC

Context

When HTTPS is used to log in to the ATIC, a security certificate issue occurs. To resolve this issue, ask a certificate authority to generate a security certificate file for the ATIC, and import the certificate into the ATIC.

Procedure

  1. Generate a certificate library file.
    1. Choose Start > Run, enter cmd, and press Enter.
    2. Run the cd D:\VSM\Runtime\jre6.0.18\bin command to access the directory where the certificate file generation tool keytool resides. Replace the installation path in the command with the actual software installation path.
    3. Run the keytool -genkey -alias atic -keyalg RSA -keystore lego_keystore command to create a certificate library file. The alias can be modified as required, but the keystore file name cannot.
    4. The default password is Admin@storage.
    5. Enter the first and last names as prompted. Using the server IP address is recommended.
    6. Enter the organization, city, and province names as prompted. Enter the country code.
    7. The system generates confirmation information based on the input. If the information is correct, enter y and press Enter.
    8. Set a primary password for the certificate library file as prompted.
      NOTE:

      The passwords must meet the minimum complexity requirement. That is, the passwords must contain at least three of the following character types: uppercase letters (A to Z), lowercase letters (a to z), digits (0 to 9), and special characters (such as !, #, $, and %). You must change the passwords periodically.

  2. Export the CSR request file and use this file to obtain the root certificate and authorization reply certificate.
    1. Access the directory where keytool resides and run the keytool -certreq -keyalg RSA -alias atic -file atic.csr -keystore lego_keystore command to generate the request file.
    2. Obtain request file atic.csr from software installation path\Runtime\jre6.0.18\bin and send the request file to a certificate authority to generate secure and reliable certificate files. The root certificate and authorization reply certificate should be sent in reply.
  3. Import the root certificate.
    1. Access the directory where keytool resides and run the keytool -import -alias root -keystore lego_keystore -trustcacerts -file rootcert.cer command. In the command, root is the root certificate alias and can be changed as required; lego_keystore is the name of the certificate library file generated in the previous step; rootcert.cer is the name of the root certificate file generated by the authority.
    2. Enter the keystore password as prompted and press Enter. The certificate information is displayed.
    3. If the certificate information is correct, enter y and press Enter. A message is displayed, saying that the certificate information has been added to the certificate library file.
  4. Import the authorization reply certificate.
    1. Access the directory where keytool resides and run the keytool -import -alias atic -keystore lego_keystore -file atic.cer command. atic is the alias that was used to generate the request file; lego_keystore is the name of the certificate library file; atic.cer is the name of the authorization reply certificate file.
    2. Enter the keystore password as prompted and press Enter. A message is displayed, saying that the certificate has been installed.
  5. Replace the original certificate.

    After importing the certificate, access software installation path\Runtime\jre6.0.18\bin and copy the lego_keystore file to software installation path\Runtime\Tomcat6\certs to overwrite the existing certificate file.

  6. Restart the ATIC.
  7. Copy the root certificate file to the client server used to access the ATIC and double-click the file for installation. Alternatively, use a browser on the client server to access the ATIC and install the certificate on the client server.
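
A check that can be run after step 4 and before the keystore is copied in step 5, as an added example that is not part of the original procedure: it confirms that the atic entry in lego_keystore still holds the private key and now carries the CA-issued chain instead of the self-signed certificate from step 1. It assumes English keytool output and the alias atic; the temporary file name is arbitrary.

```batch
@echo off
rem Added example, not part of the original procedure.
rem Run in the directory that holds keytool and lego_keystore.
rem Assumes English keytool output and the alias atic used on this page.
setlocal
set "KEYSTORE=lego_keystore"
set "ALIAS=atic"
set "OUT=%TEMP%\atic_entry.txt"

rem keytool prompts for the keystore password; the listing is saved to OUT.
rem Because output is redirected, keytool may echo the password as typed.
keytool -list -v -alias %ALIAS% -keystore "%KEYSTORE%" > "%OUT%"
if errorlevel 1 goto noentry

rem The alias must still hold the private key generated in step 1.
findstr /C:"Entry type: PrivateKeyEntry" "%OUT%" > nul
if errorlevel 1 goto notkey

rem A chain length of 1 means the entry is still the self-signed
rem certificate from step 1, so the CA reply was not installed on it.
findstr /C:"Certificate chain length: 1" "%OUT%" > nul
if not errorlevel 1 goto selfsigned

echo OK: %ALIAS% holds the private key with a CA-issued certificate chain.
rem Show subject, issuer and validity for comparison with the CA reply.
findstr /B /C:"Owner:" /C:"Issuer:" /C:"Valid from:" "%OUT%"
del "%OUT%"
exit /b 0

:noentry
echo FAIL: keytool could not list alias %ALIAS% in %KEYSTORE%.
goto fail
:notkey
echo FAIL: %ALIAS% is not a private key entry in %KEYSTORE%.
goto fail
:selfsigned
echo FAIL: %ALIAS% is still self-signed; the reply certificate is not installed on it.
:fail
del "%OUT%" 2> nul
exit /b 1
```

If the script reports a failure, repeat steps 3 and 4 with the same alias that was used to generate the request file before overwriting the keystore under Tomcat6\certs.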

Result

After importing the certificate, use the browser to access the ATIC. If no certificate error message is displayed, the configuration succeeds.


Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.