Adding a CA Root Certificate to your Client Application

If you have written a client application that communicates with server applications such as Enterprise Server, the client application needs access to the root certificates of any trusted CAs. The trusted CAs are those who signed the certificates of the servers you are communicating with securely.

This pack includes a collection of well-known CA root certificates plus the self-signed certificate of the demonstration CA. These root certificates are contained in a single file called CARootCerts.pem, found in /opt/microfocus/DemoCA or $COBSSL (if set) by default. This file is not protected by a pass phrase, so you can modify it. You need to add other CA root certificates to the CA root certificate file, if your client application communicates with servers whose certificates are signed by CAs whose certificates are not already in the file.

To add a CA root certificate to the root certificate file:

  1. Convert the new certificate to the same format as the certificates in the file, which in this case is PEM format with DER content encoding. Use openssl to do this. For example, to convert a PKCS7 format file, such as IECert.p7b, to PEM format:
    openssl pkcs7 -inform DER -in IECert.p7b -text -print_certs -out IECert.pem
  2. Append the new certificates to the existing file CARootCerts.pem. For example:
    cat CARootCerts.pem IECert.pem > NewCARootCerts.pem
Note: The CARootCerts.pem file is subject to being updated when a new version of the Micro Focus Security Pack is installed. If you add certificates to this file, you will need to repeat those additions when you update the Micro Focus Security Pack.