You must export and import certificates to get the SAM Tomcat server and M&R Tomcat server to trust each other.

Prerequisites

First, export a certificate on the SAM server. Then import it into the M&R Tomcat server. Then export a certificate from the M&R server and import it into the SAM Tomcat server.

Procedure

  1. Export a certificate from the SAM Tomcat server. For example,
     C:\InCharge\SAM\smarts\jre\bin\keytool.exe -export –keystore C:\InCharge\SAM\smarts\keystore -alias tomcat -rfc >  C:\InCharge\SAM\smarts\SAMtomcat.cert
    1. Copy SAMtomcat.cert to the host where M&R Tomcat server is installed.
    2. Import the SAMtomcat.cert into the M&R host. (Copy the files manually using Windows Explorer and CTRL+C and CTRL+V commands.) For example,
      c:\Program Files\APG>"C:\Program Files\Java\<JDK_version>\bin\keytool.exe" –import -file "c:\Program Files\APG\ SAMtomcat.cert" -alias SAMtomcat -keystore "C:\Program Files\APG\.keystore
      Note:
      If you see the following warning, type yes and continue :
      Certificate already exists in keystore under alias <tomcat>
      Do you still want to add it? [no]: yes
      Certificate was added to keystore
    3. Back up the original cacerts file before this next step.
      Rename file C:\Program Files\APG\Java\Sun-JRE\8.0.281\lib\security\cacerts to C:\Program Files\APG\Java\Sun-JRE\8.0.281\lib\security\cacerts-SAVE    # Backup old cacerts file
    4. Copy .keystore located at c:\Program Files\APG\.keystore to this location, C:\Program Files\APG\Java\Sun-JRE\8.0.281\lib\security, and rename it to cacerts
  2. Restart Tomcat server on the M&R host.
    /opt/APG/bin/manage-modules.sh service restart tomcat
  3. Export a certificate from the M&R host. For example,
    C:\Program Files\APG\Java\Sun-JRE\8.0.281\bin\keytool.exe –export  -keystore "C:\Program Files\APG\.keystore" -alias tomcat -rfc > "C:\Program Files\APG\W4Ntomcat.cert"
    1. Copy W4ntomcat.cert to the SAM server host.
    2. On the SAM server host, run these commands to import a certificate copied from the M&R server host. (Copy the files manually using Windows Explorere and CTRL+C and CTRL+V commands.)
      C:\InCharge\SAM\smarts\jre\bin\keywtool.exe -import –file C:\InCharge\SAM\smarts\ W4Ntomcat.cert -alias W4Ntomcat –keystore C:\InCharge\SAM\smarts\keystore
      Note:
      If you see the following warning, type yes and continue :
      Certificate already exists in keystore under alias <tomcat>
      Do you still want to add it? [no]: yes
      Certificate was added to keystore
    3. Back up the original cacerts file before this next step. Rename the cacerts file located at C:\InCharge\SAM\smarts\jre\lib\security\cacerts to C:\InCharge\SAM\smarts\jre\lib\security\cacerts-SAVE # Backup old cacerts file
    4. Copy the keystore file from C:\InCharge\SAM\smarts\keystore and rename it to cacerts at this location C:\InCharge\SAM\smarts\jre\lib\security\cacerts
  4. Stop and start the Tomcat service on the SAM server:
    1. c:\InCharge\SAM\smarts\bin\sm_service stop smarts-tomcat
    2. c:\InCharge\SAM\smarts\bin\sm_service start smarts-tomcat
  5. Restart the M&R services.
    c:\Program Files\APG\bin\manage-modules.sh service restart all