Public Health Information Network Messaging System


Nov 21, 2013 (3 years and 27 days ago)




Public Health Information Network Messaging System

Implementing New VeriSign G2 Intermediate Certificate on Windows Systems

Version: 1.0.1

Date: Sept 29, 2009


ahemcurrent_68117382-2875-4671-a708-1a5ad3457d56.docx

EXECUTIVE SUMMARY

VeriSign is requiring that all new Secure Socket Layer (SSL) certificates (Server Side certificates) issued by VeriSign contain an Intermediate Certificate Authority (CA) certificate. The Intermediate CA enhances the security of the SSL certificate by incorporating a two-tier hierarchy trust chain. For more information on the VeriSign Intermediate certificate, please visit: http://www.verisign.com/support/advisories/page_040611.html.




REVISION HISTORY

VERSION #   IMPLEMENTER   DATE       EXPLANATION
1.0.0       Dawn Fama     07-14-09
1.0.1       Travis Mayo   09-29-09   Updated Keytool command and PHINMS application paths.












TABLE OF CONTENTS

1.0 Keytool Update Instructions
1.1 PHINMS Windows Version 2.7 thru 2.8
2.0 PHINMS Windows 2.6 and earlier (2.6 used as the example)

LIST OF FIGURES

Figure 1. PHINMS 2.8 - Import Trusted Cert
Figure 2. PHINMS 2.7 - Import Trusted Cert
Figure 3. cacerts File Locations
Figure 4. Keytool Command

ACRONYM LIST

The acronyms listed below are used in this document.

CA       Certificate Authority
CDC      Centers for Disease Control and Prevention
PHIN     Public Health Information Network
PHINMS   Public Health Information Network Messaging System
SSL      Secure Socket Layer





1.0 KEYTOOL UPDATE INSTRUCTIONS

1.1 PHINMS Windows Version 2.7 thru 2.8

Please use the “Import Trusted Cert” feature.



Figure 1. PHINMS 2.8 - Import Trusted Cert

Figure 2. PHINMS 2.7 - Import Trusted Cert







2.0 PHINMS Windows 2.6 and earlier (2.6 used as the example)

Complete the following steps for all earlier versions of PHINMS.

Find the “cacerts” file located in your config/sender directory.

1. Back up your existing cacerts file found in the config/sender directory.

2. Copy the cacerts file from the config/sender folder to C:\Program Files\PHINMS26\2.6\jdk\win32\bin.


Figure 3. cacerts File Locations

3. Download the VeriSignSSL.cer file from ftp://sftp.cdc.gov/phinms/VeriSign_SSL_Cert_update/VeriSignSSL.cer.

FTP Site Login Information -
Username = phinusr
Password = MsSys4U*


4. Save the file as “VeriSignSSL.cer” in the keytool.exe folder location, e.g. C:\Program Files\PHINMS26\2.6\jdk\win32\bin

5. Open a command prompt.

6. Navigate to the directory using the following command:

    cd C:\Program Files\PHINMS26\2.6\jdk\win32\bin

Type the following keytool command.

    keytool -import -trustcacerts -alias VeriSignG2 -file VeriSignSSL.cer -keystore cacerts -storepass changeit





Figure 4. Keytool Command

When the command is successful, the following message will appear in the command window:

    Certificate was added to keystore


7. Copy the new cacerts file from C:\Program Files\PHINMS26\2.6\jdk\win32\bin to C:\Program Files\PHINMS26\2.6\tomcat-5.0.19\phinms\config\sender

8. Restart PHINMS

9. Test
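
The PHINMS 2.6 steps above, scripted in PowerShell as an added example (not part of the original document). It assumes the paths given in steps 2 and 7, adds a check of the downloaded certificate's SHA-1 thumbprint against a value obtained out of band (the value in the script is a placeholder, not a real thumbprint), and adds keytool's -noprompt flag so the import runs unattended.

```powershell
# Added example, not from the original document. Paths are the PHINMS 2.6
# locations given in steps 2 and 7; run after step 4 (certificate saved).
$ErrorActionPreference = 'Stop'
$root    = 'C:\Program Files\PHINMS26\2.6'
$bin     = Join-Path $root 'jdk\win32\bin'
$sender  = Join-Path $root 'tomcat-5.0.19\phinms\config\sender'
$keytool = Join-Path $bin 'keytool.exe'
$cer     = Join-Path $bin 'VeriSignSSL.cer'
$live    = Join-Path $sender 'cacerts'
$work    = Join-Path $bin 'cacerts'
$alias   = 'VeriSignG2'
$pass    = 'changeit'   # store password from the document's keytool command

# Assumption: SHA-1 thumbprint confirmed out of band. Placeholder, not a real value.
$expected = 'REPLACE-WITH-EXPECTED-SHA1-THUMBPRINT'

# Step 1: timestamped backup of the live trust store.
$backup = "$live.bak-$(Get-Date -Format 'yyyyMMdd-HHmmss')"
Copy-Item -Path $live -Destination $backup

# Inspect the downloaded file before it becomes a trust anchor.
$x509 = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $cer
Write-Host "Subject:    $($x509.Subject)"
Write-Host "Issuer:     $($x509.Issuer)"
Write-Host "Not after:  $($x509.NotAfter)"
Write-Host "Thumbprint: $($x509.Thumbprint)"
if ($x509.Thumbprint -ne ($expected -replace '[\s:]', '')) {
    throw "Thumbprint mismatch for $cer; nothing was imported."
}

# Step 2: work on a copy in the keytool folder, not on the live file.
Copy-Item -Path $live -Destination $work -Force

# Step 6: the document's import command (-noprompt is added here).
& $keytool -import -trustcacerts -noprompt -alias $alias -file $cer -keystore $work -storepass $pass
if ($LASTEXITCODE -ne 0) { throw "keytool import failed; live cacerts unchanged." }

# Confirm the alias is present before replacing the live trust store.
& $keytool -list -alias $alias -keystore $work -storepass $pass
if ($LASTEXITCODE -ne 0) { throw "Alias $alias not found after import." }

# Step 7: put the updated trust store in place. Restart PHINMS and test afterwards.
Copy-Item -Path $work -Destination $live -Force
Write-Host "Updated $live (backup: $backup)."
```

If any check fails, the script stops before step 7, so the cacerts file in config\sender is left as it was and the timestamped backup remains beside it.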