Topic Last Modified: 2009-02-27
Setup for Communicator Web Access installs a Java Archive (.jar) file in the following path, where <client version> is the version of the build:
<installation path>\Server\cwa\client\<client version>
If you are using a private or self-hosted CA, the certificate should use the Code Signing certificate template.
Before you begin this procedure, you must obtain the following certificate signing tools, which are available at http://www.mozilla.org/projects/security/pki/nss/tools:
- Certutil. Manages certificates and private keys. You can use Certutil to create a certificate database, create a private key database, and add a certificate to the certificate database.
- Pk12util. Imports a certificate and private key pair file (also called a personal information exchange file) into the database that was created by Certutil.exe.
- Signtool. Signs an HTML page with a certificate and private key in the database.
The Mozilla Web site provides only the source code for these tools. You have to build the executable files yourself.
You also need to ensure that the folder where you install the executable files is in the default path for your computer so that you can easily run the tools from a command prompt.
Log on to the Communicator Web Access server as a member of the Administrators group.
Create a folder (referred to in the following steps as <database_folder>), which will store database files that are created by commands in the rest of this procedure.
Open a Command Prompt window by clicking Start, and then clicking Run. In the Open box, type cmd, and then click OK.
Run Certutil.exe to create a certificate database by typing the following at the command prompt, and then pressing ENTER:
certutil.exe -N -d <database_folder>
When you are prompted for a password, type a password that you want to use to control access to the certificate database.
Apply for a certificate and private key pair file from a trusted third-party CA or from a private or self-hosted CA. For details about applying for a certificate, contact the certification authority. If the certificate that you receive is saved in the local computer’s certificate store, export the certificate and private key into a .pfx file.
Run Pk12util.exe to import the certificate and private key file into the database that you created. At the command prompt, type the following, and then press ENTER:
pk12util.exe -i <cert/key file> -d <database_folder>
Obtain the root CA certificate by copying or downloading the certificate file according to the instructions provided by your CA.
Run Certutil.exe to add the CA certificate to the database. You must specify a nickname for the CA certificate. At the command prompt, type the following all on one line, and then press ENTER:
certutil.exe -A -n <certificate nickname> -i <CA certificate> -t "C,C,C" -d <database_folder>
Run Certutil.exe to list all certificates in the database. From this list, you can obtain the name of the certificate that you will use in the next step. At the command prompt, type the following, and then press ENTER:
certutil.exe -L -d <database_folder>
Signtool -k <certificate name> -Z <installation path>\Server\cwa\client\<client version>\SignedCode.jar -p <database password> -d <database_folder> <installation path>\Server\cwa\client\<client version>\SignedCode
After you run this command, the new Java archive file that includes the script file and related signing information replaces the default Java archive file.
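A post-signing sanity check for the replaced archive, added here as an example (not Microsoft or NSS code): it confirms that the JAR carries signing files under META-INF and that every other file still matches the digest recorded in the manifest. It assumes the standard signed-JAR layout (per-entry Name and *-Digest manifest attributes); the function names and the sample archive are constructed for illustration, and the signature and certificate chain themselves are not validated.

```python
import base64, hashlib, io, zipfile

def parse_manifest(text):
    """Return {entry name: {attribute: value}} for the per-entry sections."""
    text = text.replace("\r\n", "\n").replace("\n ", "")  # unfold continued lines
    entries = {}
    for section in text.split("\n\n"):
        attrs = dict(l.split(": ", 1) for l in section.split("\n") if ": " in l)
        if "Name" in attrs:
            entries[attrs.pop("Name")] = attrs
    return entries

def check_signed_jar(jar_bytes):
    """Return a list of problems; an empty list means every check passed."""
    problems = []
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as jar:
        meta = {n.upper(): n for n in jar.namelist() if n.upper().startswith("META-INF/")}
        if "META-INF/MANIFEST.MF" not in meta:
            return ["no manifest: archive is not signed"]
        if not any(n.endswith(".SF") for n in meta):
            problems.append("no signature (.sf) file")
        if not any(n.endswith((".RSA", ".DSA")) for n in meta):
            problems.append("no signature block (.rsa/.dsa) file")
        entries = parse_manifest(jar.read(meta["META-INF/MANIFEST.MF"]).decode("utf-8"))
        for name in jar.namelist():
            if name.upper().startswith("META-INF/") or name.endswith("/"):
                continue  # signing metadata and directory entries carry no digest
            digests = {k: v for k, v in entries.get(name, {}).items() if k.endswith("-Digest")}
            if not digests:
                problems.append(f"{name}: not covered by the manifest")
            for attr, expected in digests.items():
                algo = attr[:-len("-Digest")].replace("-", "").lower()  # SHA1-Digest -> sha1
                actual = base64.b64encode(hashlib.new(algo, jar.read(name)).digest()).decode()
                if actual != expected.strip():
                    problems.append(f"{name}: {attr} mismatch")
    return problems

def build_sample(tamper=False):
    """Constructed sample archive; the .sf/.rsa contents are dummies, not real signatures."""
    script = b"function hello() { return 1; }\n"
    digest = base64.b64encode(hashlib.sha1(script).digest()).decode()
    manifest = f"Manifest-Version: 1.0\n\nName: script.js\nSHA1-Digest: {digest}\n\n"
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as jar:
        jar.writestr("META-INF/manifest.mf", manifest)
        jar.writestr("META-INF/sample.sf", "Signature-Version: 1.0\n")
        jar.writestr("META-INF/sample.rsa", b"0\x00")
        jar.writestr("script.js", script + (b"// edited after signing\n" if tamper else b""))
    return buf.getvalue()
```

To check the real archive, pass the bytes of SignedCode.jar to check_signed_jar; any file edited or added after signing is reported by name.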