Import a certificate

This command allows the user to approve CA certificates and to install the UVMS or UVC Web Console certificates.

Syntax in UVMS:

To add the certificate to the list of approved certificates :

unissl IMPORT –type TRUSTEDCACERT -file <arg> -alias <arg> -position <arg>

Or

unissl IMPORT –type TRUSTEDSERVER –host <arg> -port <arg>

To import the server certificate:

unissl IMPORT –type SERVERCERT -file <arg> -pwd <arg>

Syntax in UVC Web Console:

unissl IMPORT –type TRUSTEDCACERT -file <arg> -alias <arg> -pwd <arg> -overwrite

unissl import -type TRUSTEDSERVER –host <arg> -port <arg> -alias <arg> –position <arg>1 -pwd <arg> -overwrite

Parameter	Description
-type <arg>	Mandatory; the type can be: - SERVERCERT: to import a server certificate. UVMS only - TRUSTEDCACERT: to import and approve a certification authority certificate. - TRUSTEDSERVER : to import and approve a certification authority certificate by connecting to a remote server (-host and –port)
-file <arg>	Mandatory. Complete file name that contains the certificate.
-alias <arg>	Alias used to import the certificate, used only if type = TRUSTEDCACERT The alias names the imported certificate and enables therefore to delete the certificate if multiple certificates of authority certificates have been imported.
-host <arg>	Mandatory for type TRUSTEDSERVER. Server hostname
-port	Mandatory for type TRUSTEDSERVER. Server port number
-position	Only available for type TRUSTEDCACERT or TRUSTEDSERVER. Position of the certificate to trust in the certificate chain
-overwrite	Optional, to force an overwrite of the existing set, if not the user will be asked for a confirmation.
-pwd <arg>	Password. Optional, if this argument is not entered the user will be prompted. The password is defined by the unissl GENSTORE command.
-help	Displays the online help

The keyword CHAIN is no longer used starting from version 4.0.06 of Univiewer.

On UVC Web Console:

The UVMS CA certificate must be imported as a TRUSTEDCACERT or a TRUSTEDSERVER.

In UVMS:

The certificate of Certification Authority (TRUSTEDCACERT) must be installed on the server first before you can import the signed certificate (SERVERCERT).

Only one SERVERCERT certificate can be saved in a keystore. However it is possible to add as many TRUSTEDCACERT certificates as you like to the trusted certificate base.

Example in UVMS:

unissl import -type TRUSTEDCACERT -file "C:\Program Files\AUTOMIC\univiewer_server\FRWPMDEV08_MgtServer\data\security\certnew.p7b" -alias ECA

Enter the Keystore password:

The chain contains 2 certificate(s)

1 Type:               CA Certificate

    Subject:            CN=AUTOMICTstCA, DC=AUTOMICtst, DC=com

    Valid from:         11/05/2011

    Valid to:           11/05/2016

    Fingerprint (MD5): F1:9B:08:98:42:6D:A6:87:98:C3:E8:89:F0:30:CF:9A

    Fingerprint (SHA1): 1E:EE:43:C9:C0:6B:59:11:E8:70:BA:F3:C2:F4:2D:B0:D0:2B:F5

:1B

2 Type:               Server Certificate

    Subject:            CN=frwpmdev08

    Valid from:         13/11/2012

    Valid to:           13/11/2014

    Fingerprint (MD5): 7C:19:A8:90:95:EC:42:8F:7D:05:C7:94:D8:8E:F5:16

    Fingerprint (SHA1): BC:A4:31:74:78:74:FA:8F:C2:AE:35:4C:72:45:2D:CB:F8:A7:EA

:B6

Enter the position of the certificate to add to the alias "ECA" of the Keystore or 'q' to quit: [1]

1

Import successful

unissl import -type SERVERCERT -file "C:\Program Files\AUTOMIC\univiewer_server\FRWPMDEV08_MgtServer\data\security\certnew.p7b"

Enter the Keystore password:

Do you want to overwrite the previous certificate? Y/N

y

Import successful

Example 1 in UVC Web Console :

unissl import -type TRUSTEDCACERT –file "C:\Program Files\AUTOMIC\univiewer_server\FRWPMDEV08_MgtServer\data\security\AUTOMICCA.cer" -alias automic -pwd unissl

Import successful

Example 2 in UVC Web Console:

unissl import -type TRUSTEDSERVER –host frwpmdev08 -port 4443 -alias automic -pwd unissl -overwrite

Opening connection to frwpmdev08:4443...

Certificate is already trusted

The chain contains 2 certificate(s)

1 Type:               CA Certificate

    Subject:            CN=AutomicTstCA, DC=automictst, DC=com

    Valid from:         11/05/2011

    Valid to:           11/05/2016

    Fingerprint (MD5): F1:9B:08:98:42:6D:A6:87:98:C3:E8:89:F0:30:CF:9A

    Fingerprint (SHA1): 1E:EE:43:C9:C0:6B:59:11:E8:70:BA:F3:C2:F4:2D:B0:D0:2B:F5

:1B

2 Type:               Server Certificate

    Subject:            CN=FRWPMDEV08

    Valid from:         15/11/2012

    Valid to:           15/11/2014

    Fingerprint (MD5): 89:B3:82:5C:D1:2D:14:57:C0:C7:83:45:31:85:7C:58

    Fingerprint (SHA1): 48:B0:09:C6:FA:D7:18:18:DD:8A:08:1B:68:9F:81:51:29:10:AB

:7E

Enter the position of the certificate to add to the alias "automic" of the Truststore or 'q' to quit: [1]

1

Import successful

For UVC Web Console, only importing a certificate of authority must be done. The Web server must be restarted in order for these modifications to be taken into account.