DSE Certificates Setup for Web Services Access

Updated 5/17/2019

The Compliance Monitoring Data Portal (CMDP) Data Synchronization Engine (DSE)’s security certification is set to expire on 5/24/19. 

All DSE installations are required to update the SSL certificate by that time.  Open the attached PDF for instructions on downloading and importing SSL certificates for both the Pre-Production and Production environments. 

I. Download the attached Java security files

  1. Download two files, “local_policy.jar” and “US_export_policy.jar”
  2. Place (Replace if necessary) the jar files in the following location “C:\Program Files\Java\jdk1.7.0_25\jre\lib\security”

** IMP NOTE: Above mentioned .jar files work for JDK version 1.7 and above.

Note: C:\Program Files\Java\jdk1.7.0_25 is the JAVA_HOME location used for DSE.

II. Download the attached Certificate files

  1. For Pre-Production download certificate titled
  2. For Production download certificate titled”.
  3. The following command has to be executed from the folder where the certificates are saved.

a. Open command prompt (In administrator mode) and navigate to the folder where the certificate is saved.

b. Run the following command for Pre-Production.

keytool.exe -import -alias Pre_ProdEpa_gov -file -keystore "{JAVA_HOME PATH}jre\lib\security\cacerts"

c. Run the following command for Production.

keytool.exe -import -alias ProdEpa_gov -file -keystore "{JAVA_HOME PATH}jre\lib\security\cacerts”

Note: Replace “JAVA_HOME PATH” with path that JAVA_HOME is pointing to.

III. Add the following line at the end of the setenv.bat file from this page

  1. Set JAVA_OPTS=-Dhttps.protocols=TLSv1.1,TLSv1.2
  2. If tomcat is run as a service, open tomcat properties, navigate to Java tab and in “Java_Options” section enter the following line at the end.

a. -Dhttps.protocols=TLSv1.1,TLSv1.2

IV. Download and replace dseWebAdmin.war file from this page

V. Restart Tomcat.


Was this article helpful?
0 out of 0 found this helpful
Have more questions? Submit a request


Article is closed for comments.