Appendix J — Installing an SSL Certificate for WMS

This appendix describes how to install an SSL certificate for the web map service (WMS).

If you are adding a HTTPS WMS URL that uses an SSL certificate that is not trusted by the SSA server, you will need to install the root certificate or any intermediate certificates for the corresponding certificate authority in the SSA trust store. The SSA server by default makes use of a default JDK trust store file cacerts found in the JDK directory.

Perform the steps given below to import the certificates.
  1. Get a root/intermediate certificate from your certificate authority and save it. For example, you can save it as Example_SSL_CA_G2.cer.
  2. Back up the cacerts keystore file in %JAVA_HOME%/jre/lib/security.
  3. Open a command prompt as administrator.
  4. Import the certificate into cacerts. Now, execute the command below after replacing the values in <>:
    "%JAVA_HOME%/bin/keytool" -import -alias <alias_for_CA_certificate> -keystore <path_to_cacerts> -trustcacerts -file <path_to_root_certificate>

    A sample command looks like: 

    "%JAVA_HOME%/bin/keytool" -import
        -alias Example_SSL_CA_G2 -keystore "%JAVA_HOME%/jre/lib/security/cacerts" -trustcacerts
        -file "F:/SSL/Example_SSL_CA_G2.cer"
  5. Enter the password as changeit.
  6. A success message will be displayed after you have pressed the Enter key — "Certificate was added to keystore".
  7. Restart the AnalystConnect and AnalystAdmin services for the SSA server.
  8. Now, add the WMS map to the SSA map config.