Find Answers

Find Answers

Specified Languages
British English
English

How do I update my Java KeyStore with the Akamai SSL Certificates?


Doc ID:    C1687
Version:    5.0
Status:    Published
Published date:    10/13/2017
Updated:    10/13/2017
 

Answer


The following instructions describe the steps required to obtain and update your Java keystore with root and intermediate GeoTrust SSL certificates for the CyberSource SOAP Toolkit and Simple Order API (ics2wsa.ic3.com & ics2wstesta.ic3.com). GeoTrust is Akamai's SSL certificate authority (CA).

These instructions apply to:

  • CyberSource SOAP Toolkit, Simple Order API
  • Java programming language
  • Production, Test environment
  • Akamai endpoints (for connection with CyberSource)


To obtain the certificates

Download the attached file archive here: Where can I find the Akamai SSL certificates for ics2wsa.ic3.com and ics2wstesta.ic3.com?

If there is difficulty obtaining these files, you may obtain them directly from the host as follows:

Obtain files from the host system.

  1. Navigate to the host your application must communicate with.

For the Simple Order and SOAP Toolkit API this will be:
 

Environment

URL

Live/Production

https://ics2wsa.ic3.com/commerce/1.x/transactionProcessor/

Test/CAS

https://ics2wstesta.ic3.com/commerce/1.x/transactionProcessor/

  1. Download the root and intermediate certificates.

There are 2 certificates that must be downloaded:

  • GeoTrust Global CA
  • GeoTrust SSL CA - G3
Download the Root Certificate (GeoTrust Global CA)
  1. Click on File > Properties > Certificates > Certification Path tab
  2. Select highest level of the certification path tree: 'GeoTrust Global CA'
  3. Click View Certificate > Details tab > Copy to File... > Next > Next
  4. Enter a filename (e.g., GeoTrustGlobalCA.crt)
  5. Click Next > Finish.
Download the Intermediate Certificate (GeoTrust SSL CA - G3)
  1. Click on File > Properties > Certificates > Certification Path tab
  2. Select second level of certification path tree: 'GeoTrust SSL CA - G3'
  3. Click View Certificate > Details tab > Copy to File... > Next > Next
  4. Enter a filename (suggested filename: GeoTrustSSLCAG3.crt)
  5. Click Next > Finish.

Note:: Both Test and Production environments use the same two certificates.

The domain/server level certificate is not included as we do not recommend trusting to the domain level.

Install the certificates

  1. From the command line, navigate to the directory on your computer containing the certificates
  2.  Type the following commands without line breaks:

keytool -import -alias GeoTrustCA -keystore JAVA_HOME/jre/lib/security/cacerts -file GeoTrustGlobalCA.crt

keytool -import -alias GeoTrustCAG3 -keystore JAVA_HOME/jre/lib/security/cacerts -file GeoTrustSSLCAG3.crt

Further explanation:

keytool is a utility included in the Java SDK used to manage SSL certificates in Java.

These instructions assume that your JDK's bin directory has been added to the PATH environment variable. If your system does not recognize keytool as a valid command you can browse to the bin directory via the command line and run the command from there. Note that in this case, you must manually set the path to the certificate using the -file command, explained below.

-import is a keytool command used to import certificates into the keystore.

-alias is a keytool command used to specify a name for a certificate being imported into the keystore.

Aliases are unique in the keystore; you must choose a different alias for each certificate, e.g., 'AliasName1', 'AliasName2'.

-keystore is a keytool command used to specify the keystore to act upon.

JAVA_HOME is the path to your Java installation.

cacerts is the default Java keystore.

-file is a keytool command used to specify the path to the certificate to be imported.

The names of the certificates may differ from the names stated here depending on how you acquired them.

if you did not navigate to the directory where the certificates are located, you can specify the full path to the certificate, e.g.,  -file C:/My/Cert/Folder/SampleCertificateName.crt

  1. Enter the password for the keystore.
The default password is usually 'changeit' for Java's default keystore, cacerts.

Rate This Item