Appendix J - Installing SSL Certificate for WMS

This appendix describes how to install SSL certificate for web map service (WMS).

If you are adding a HTTPs WMS URL which uses a SSL certificate that is not trusted by SSA server, you need to install the root certificate or any intermediate certificates for corresponding certificate authority in SSA trust store. SSA server by default makes use of default JDK trust store file cacerts found in JDK directory.

Perform the steps given below to import the certificates.

Get a root/intermediately certificates from your certificate authority and save it. For example, you can save it as Example_SSL_CA_G2.cer.
Backup cacerts keystore file in %JAVA_HOME%/jre/lib/security.
Open a Command prompt as administrator.

Import certificate into cacerts. Now, execute below command after replacing the values in <>:

"%JAVA_HOME%/bin/keytool" -import -alias <alias_for_CA_certificate> -keystore <path_to_cacerts> -trustcacerts -file <path_to_root_certificate>

A sample command looks like:

"%JAVA_HOME%/bin/keytool" -import
        -alias Example_SSL_CA_G2 -keystore "%JAVA_HOME%/jre/lib/security/cacerts" -trustcacerts
        -file "F:/SSL/Example_SSL_CA_G2.cer"

Enter the password as changeit.
A success message is displayed after you press Enter key - "Certificate was added to keystore”.
Restart AnalystConnect and AnalystAdmin services for SSA server.
Now, add the WMS map to SSA map config.