KB225099: How to add a Certificate Authority Certificate to the Java Trust Store used in MicroStrategy Web for ASP.NET

Vice President, Product Owner • MicroStrategy

How to add a Certificate Authority Certificate to the Java Trust Store used in MicroStrategy Web for ASP.NET

Description:

Strategy Web ASP, administrators might need to add their proprietary certificates to the Java trust store for some SSL Java communications. Some examples are:

ESRI Cloud connectivity
Cloud App connectivity
Intelligence Server communication encryption

PREREQUISITES

The Certificate Authority Certificate (CA Root Certificate) that will be added has to be in Base64 encryption and on a .pem certificate extension.
The environment to be configured is a Strategy Web installation in an ASP.NET framework.
The JVM location for the Strategy Web installation has not been modified from the Out of the Box location.

STEPS TO ADD A CERTIFICATE TO A TRUST STORE

In the Strategy Web server machine navigate to the following location for a 64 bit architecture:
C:\Program Files (x86)\Common Files\Strategy\JRE\180_77\Win64\lib\security
Note: This location could change due to a 32 bit architecture, different JRE version shipped, or if the installation was not done in the C:\ drive
Place the CA Root Certificate from the prerequisites to the location in step 1.
Start a Windows Command Prompt. Typically done by searching for cmd on the Windows Start menu.
In the command prompt navigate to the location in step 1 using the following command:
cd C:\Program Files (x86)\Common Files\Strategy\JRE\180_77\Win64\lib\security
Note: If the location in step 1 is different to the default, modify the location accordingly.
Type thekeytool command to import a trusted certificate as shown below:
keytool -import -file CERTIFICATENAME.pem -alias CAAlias -keystore cacerts -storepass changeit
Notes: The CERTIFICATENAME.pem and CAAlias in the command above have to be modified according to the certificate that needs to be imported. The CAAlias is normally substituted by the Certificate Authority common name.
To confirm export the list of trusted CA certificates using the following command:
keytool -v -list -keystore cacerts -storepass changeit > cacertsformstr.txt
Note: Strategy Technical Support might request that file if required.

Third Party Warning: Java keytool and CA Certificate generation are not Strategy Products and are out of Strategy Technical Support scope. The instructions in this technical note are meant to provide guidance to Strategy Web Administrators. Refer to the respective Windows or security administrators for more information.
KB225099

Comment

0 comments

Details

Knowledge Article

Published:

April 3, 2017

Last Updated:

September 20, 2019

Description:

Strategy Web ASP, administrators might need to add their proprietary certificates to the Java trust store for some SSL Java communications. Some examples are:

ESRI Cloud connectivity

Cloud App connectivity

Intelligence Server communication encryption

PREREQUISITES

The Certificate Authority Certificate (CA Root Certificate) that will be added has to be in Base64 encryption and on a .pem certificate extension.

The environment to be configured is a Strategy Web installation in an ASP.NET framework.

The JVM location for the Strategy Web installation has not been modified from the Out of the Box location.

STEPS TO ADD A CERTIFICATE TO A TRUST STORE

In the Strategy Web server machine navigate to the following location for a 64 bit architecture:
C:\Program Files (x86)\Common Files\Strategy\JRE\180_77\Win64\lib\security
Note: This location could change due to a 32 bit architecture, different JRE version shipped, or if the installation was not done in the C:\ drive

Place the CA Root Certificate from the prerequisites to the location in step 1.

Start a Windows Command Prompt. Typically done by searching for cmd on the Windows Start menu.

In the command prompt navigate to the location in step 1 using the following command:
cd C:\Program Files (x86)\Common Files\Strategy\JRE\180_77\Win64\lib\security
Note: If the location in step 1 is different to the default, modify the location accordingly.

Type thekeytool command to import a trusted certificate as shown below:
keytool -import -file CERTIFICATENAME.pem -alias CAAlias -keystore cacerts -storepass changeit
Notes: The CERTIFICATENAME.pem and CAAlias in the command above have to be modified according to the certificate that needs to be imported. The CAAlias is normally substituted by the Certificate Authority common name.

To confirm export the list of trusted CA certificates using the following command:
keytool -v -list -keystore cacerts -storepass changeit > cacertsformstr.txt
Note: Strategy Technical Support might request that file if required.