Problem

How do I install a CA issued SSL certificate for SSL Communication For Admin Server in VA 4.12.2?

Resolution

1.) Install the CA that is issuing the certificate on the machine you will be connecting to the administrator UI from the browser on. The CA should be installed in the "Trusted Root Certificate Authorities" store for windows or in your browsers equivalent store.

2.) Login to VA Admin UI

3.) Go to Keys and Certificates -> Certificates -> CA Certificates store and add the CA certificate issuing the certificate to the store

4.) Go to Keys and Certificates -> Create/Import Private Key -> SSL Communication For Admin Server and click on Submit Key Type

a.) Select Generate/Import Software Key (Or Hardware Key) and Click Submit Key Generation Technique

b.) Select Generate new private key (or import) and click Submit Key Generation Or Import

c.) *Server Password: Enter in password you use to start VA Server (not the admin UI password). Then fill in information and click Submit

(You don’t need to restart the admin service yet but if you do you must call apachepassphrase as described in step 7 below.)

5.) Go to Keys and Certificates -> Certificate Requests and copy the request and put it in the format the CA needs and send it to CA admin

6.) When you get the CA issued certificate back go to Keys and Certificates -> Certificates -> SSL Communication For Admin Server

a.) Select Add then add the CA issued certificate

7.) Start a command prompt as administrator and call apachepassphrase:

apachepassphrase -set "<VA Server password>"

This sets the password in the registry. The Apache HTTP server will read it from there using apachepassphrase during startup automatically. In VA 4.12.2 it is not necessary anymore to enter this password manually when the admin service is restarted.

8.) Restart “Axway VA Admin” service in the Service Control Panel

(This article replaces #176956 for VA 4.12.2.)