Problem
For profile distribution, if you are not using the self-signed certificates provided with the software, you must import the public key certificates from each server that your EMV Profile Manager server trusts into the EMV client keystore. The steps below accomplish this. This information can also be found in the EMV Data Prep and Perso Install and Administration guide for AIEMV 6.5.1.
Summary
The steps to configure certificates for multiple servers (Profile Distribution) in AIEMV.
For profile distribution, if you are not using the self-signed certificates provided with the
software, you must import the public key certificates from each server that your EMV Profile
Manager server trusts into the EMV client keystore. Repeat this procedure on each server that
participates in profile distribution.
The profile distribution keystore is configured in the restclient.properties file, which is located in
the following directory:
. . .\ProgramData\Datacard\Adaptive Issuance Suite\EMV Profile Manager\PSRuntime
The keystore file provided with the software is named “keystore” and is located in the AIS_EMV_
HOME directory. The default path is:
. . .\ProgramData\Datacard\Adaptive Issuance Suite\EMV Profile Manager
-
On the EMV Profile Manager software server computer, open a command prompt window as
an administrator (from the Start button, right-click command prompt and select Run As
Administrator) and change the working directory to “%AIS_JRE_HOME%\bin”. -
For each CA certificate that you want EMV Profile Manager to trust, enter the following
command to import it. You are prompted for the password, which is changeit.- $> keytool -importcert -file <remote_profile_distribution_server>.cer -keystore “%AIS_EMV_HOME%\keystore”
-
<remote_profile_distribution_server> is the fully-qualified domain name of the remote
server that appears in the CN field of that server’s certificate.
- Close the command prompt window.