Import a certificate

This command allows the user to approve CA certificates and to install the UVMS or UVC Web Console certificates.

For UVMS:

• The certificate of Certification Authority (TRUSTEDCACERT) must be installed on the server first before you can import the signed certificate (SERVERCERT).
• Only one SERVERCERT certificate can be saved in a keystore. However it is possible to add as many TRUSTEDCACERT certificates as you like to the trusted certificate base.

Syntax:

1. To add the certificate to the list of approved certificates :

   unissl IMPORT -alias <val> -file <val> –type TRUSTEDCACERT [-position <val>]

   Or

   unissl IMPORT –host <val> -port <val> –type TRUSTEDSERVER

2. To import the server certificate:

unissl IMPORT -file <val> –type SERVERCERT [-pwd <val>]

For UVC Web Console:

For UVC Web Console, only importing a certificate of authority must be done. The Web server must be restarted in order for these modifications to be taken into account. The UVMS CA certificate must be imported as a TRUSTEDCACERT or a TRUSTEDSERVER.

Syntax in UVC Web Console:

• To import the CA certificate:

  unissl IMPORT –type TRUSTEDCACERT -file <val> -alias <val> -pwd <val> -overwrite

  or

  unissl import -type TRUSTEDSERVER –host <val> -port <val> -alias <val> –position <val>1 -pwd <val> -overwrite

Arguments:

• -alias <val>

  Mandatory. Alias used to import the certificate, used only if type = TRUSTEDCACERT
  The alias names the imported certificate and enables therefore to delete the certificate if multiple certificates of authority certificates have been imported.

• -file <val>

  Mandatory. Complete file name that contains the certificate.

• -help

  Optional. Displays the online help

• -host <val>

  Mandatory for type TRUSTEDSERVER. Server hostname

• -overwrite

  Optional, to force an overwrite of the existing set, if not the user will be asked for a confirmation.

• -port

  Mandatory for type TRUSTEDSERVER. Server port number

• -position

  Optional. Only available for type TRUSTEDCACERT or TRUSTEDSERVER. Position of the certificate to trust in the certificate chain

• -pwd <val>

  Optional. Password. If this argument is not entered the user will be prompted.

  The password is defined by the unissl GENSTORE command.

• -type <val>

  Mandatory. The type can be:

  • SERVERCERT: to import a server certificate. UVMS only
  • TRUSTEDCACERT: to import and approve a certification authority certificate.
  • TRUSTEDSERVER : to import and approve a certification authority certificate by connecting to a remote server (-host and –port)

The keyword CHAIN is no longer used starting from version 4.0.06 of Univiewer.

Example in UVMS:

unissl import -type TRUSTEDCACERT -file "C:\Program Files\AUTOMIC\univiewer_server\FRWPMDEV08_MgtServer\data\security\certnew.p7b" -alias ECA

Enter the Keystore password:

The chain contains 2 certificate(s)

1  Type:               CA Certificate

    Subject:            CN=AUTOMICTstCA, DC=AUTOMICtst, DC=com

    Valid from:         11/05/2011

    Valid to:           11/05/2016

    Fingerprint (MD5):  F1:9B:08:98:42:6D:A6:87:98:C3:E8:89:F0:30:CF:9A

    Fingerprint (SHA1): 1E:EE:43:C9:C0:6B:59:11:E8:70:BA:F3:C2:F4:2D:B0:D0:2B:F5

:1B

2  Type:               Server Certificate

    Subject:            CN=frwpmdev08

    Valid from:         13/11/2012

    Valid to:           13/11/2014

    Fingerprint (MD5):  7C:19:A8:90:95:EC:42:8F:7D:05:C7:94:D8:8E:F5:16

    Fingerprint (SHA1): BC:A4:31:74:78:74:FA:8F:C2:AE:35:4C:72:45:2D:CB:F8:A7:EA

:B6

Enter the position of the certificate to add to the alias "ECA" of the Keystore or 'q' to quit: [1]

1

Import successful

unissl import -type SERVERCERT -file "C:\Program Files\AUTOMIC\univiewer_server\FRWPMDEV08_MgtServer\data\security\certnew.p7b"

Enter the Keystore password:

Do you want to overwrite the previous certificate? Y/N

y

Import successful

Example 1 in UVC Web Console :

unissl import -type TRUSTEDCACERT –file "C:\Program Files\AUTOMIC\univiewer_server\FRWPMDEV08_MgtServer\data\security\AUTOMICCA.cer" -alias automic -pwd unissl

Import successful

Example 2 in UVC Web Console:

unissl import -type TRUSTEDSERVER –host frwpmdev08 -port 4443 -alias automic -pwd unissl -overwrite

Opening connection to frwpmdev08:4443...

Certificate is already trusted

The chain contains 2 certificate(s)

1  Type:               CA Certificate

    Subject:            CN=AutomicTstCA, DC=automictst, DC=com

    Valid from:         11/05/2011

    Valid to:           11/05/2016

    Fingerprint (MD5):  F1:9B:08:98:42:6D:A6:87:98:C3:E8:89:F0:30:CF:9A

    Fingerprint (SHA1): 1E:EE:43:C9:C0:6B:59:11:E8:70:BA:F3:C2:F4:2D:B0:D0:2B:F5

:1B

2  Type:               Server Certificate

    Subject:            CN=FRWPMDEV08

    Valid from:         15/11/2012

    Valid to:           15/11/2014

    Fingerprint (MD5):  89:B3:82:5C:D1:2D:14:57:C0:C7:83:45:31:85:7C:58

    Fingerprint (SHA1): 48:B0:09:C6:FA:D7:18:18:DD:8A:08:1B:68:9F:81:51:29:10:AB

:7E

Enter the position of the certificate to add to the alias "automic" of the Truststore or 'q' to quit: [1]

1

Import successful