DualShield is a JAVA application server. If you need to make connection to a thirdparty application, such as SQL server, SMTP server etc over SSL encryption, and the SSL server certificate of the thirdparty application is not issued by a trusted CA, then you will need to import the CA certificate into the JAVA Keystore in the DualShield server.Import CA Certificate into DualShield
There is a tool included in the DualShield that can be used to import certificates. Follow the steps below:
- navigate to "tools" folder in your DualShield directory, e.g. C:\Program Files\Deepnet DualShield\tools
- unzip "portecle.zip"
- navigate to the Portecle folder, e.g. C:\Program Files\Deepnet DualShield\tools\portecle-1.7\portecle-1.7
- open Windows CMD console
- execute "portecle.jar", e.g. ..\..\..\jre\bin\java -jar portecle.jar
you should now see the Portecle's user interface:
- Select "File | Open CA Certs Keystore"
- Enter the default password: "changeit"
- Select "Tools | Import Trusted Certificate" and import your CA certificate
Please note that if you can double click the file portecle.jar to run this utility, then it is very likely that you have another JRE installed on this machine that is NOT the one used in DualShield. In that case, please choose the menu "Open Keystore File..." instead, then locate the file "cacerts" under DualShield installation folder.
Alternatively, you can import a root or intermediate CA certificate to an existing Java keystore with following command
C:\Program Files\Deepnet DualShield\jre\bin\keytool -import -trustcacerts -alias root -file yourca.crt -keystore C:\Program Files\Deepnet DualShield\jre\lib\security\cacerts
Once you have successfully import your AD's CA certificate into your DualShield's keystore, restart the DualShield server.