If you already have a PKCS#12 keystore file and a server certificate that is signed by an intermediate CA rather than a root CA, you must convert the PKCS#12 keystore to JKS format before you can use it with View.

1

Create the JKS keystore and add the intermediate certificate and root certificate to the keystore.

To avoid seeing errors from keytool, you must add the intermediate certificate to the keystore before you can add the server certificate.

a

Save the intermediate certificate as intermediateCA.p7 in the directory that contains the keystore file.

b

If your View Connection Server instance or security server does not trust the root certificate, save the root certificate as rootCA.p7 in the keystore file directory and import the root certificate into the keystore file.

For example: keytool -importcert -keystore keys.jks -storepass secret -alias rootCA -file rootCA.p7

c

Import the intermediate certificate into the keystore file.

For example: keytool -importcert -keystore keys.jks -storepass secret -trustcacerts -alias intermediateCA -file intermediateCA.p7

2

Add the server certificate and private key from the PKCS#12 file to the JKS keystore.

For example: keytool -importkeystore -destkeystore keys.jks -deststorepass secret -srckeystore keys.p12 -srcstoretype PKCS12 -srcstorepass clydenw

The keytool utility creates the JKS keystore if it does not already exist.

Configure your View Connection Server instance or security server to use the certificate. See Configure a View Connection Server Instance or Security Server to Use a New Certificate.