How to Install a Third Party Certificate into enVision

1. Purchase the third party certificate.
   
2. On the enVision server (Asrv for LS), run the following:
   %_ENVISION%\conf>del .keystore
   
3. Run the following, answering the questions as requested.
   %_ENVISION%\conf>..\jre\bin\keytool -genkey -keyalg RSA -keystore .keystore -validity 360 -alias tomcat

   Note: The keystore and tomcat passwords are both enVision.

4. Run the following commands where ?name? is the name of the enVision server (ex: support-as1).
   %_ENVISION%\conf>..\jre\bin\keytool -certreq -keyalg RSA -file name.csr -keystore .keystore -alias tomcat
   Enter keystore password: enVision
   %_ENVISION%\conf>notepad name.csr
   
5. Send the .csr file to the third party. In return, they will send three *.crt files. Copy the *.crt files to any folder on the enVision server.
   
6. Install the root certificate first, using a password of enVision, and answering yes when asked to add the certificate to the keystore:
   %_ENVISION%\conf>..\jre\bin\keytool -import -trustcacerts -alias root -keystore .keystore -file location_of_root_cert.crt where location_of_root_cert is the location of the root certificate.
   
7. The Intermediate certificate must be installed second, using a password of enVision, and answering yes when asked to add the certificate to the keystore:
   %_ENVISION%\conf>..\jre\bin\keytool -import -trustcacerts -alias INTER -keystore .keystore -file location_of_intermediate_cert.crt where location_of_intermediate_cert is the location of the root certificate.
   
8. Lastly, install the Intranet SSL certificate, using a password of enVision, and answering yes when asked to add the certificate to the keystore:
   %_ENVISION%\conf>..\jre\bin\keytool -import -trustcacerts -keystore .keystore -alias tomcat -file location_of_intranet_cert.crt where location_of_intranet_cert is the location of the root certificate.
   
9. Bounce the NIC WebServer service.
   
10. The installation is complete.