Exchanging certificates between HCL Commerce and Sterling Order Management truststores

You must exchange the HCL Commerce and Sterling Order Management server certificates between the HCL Commerce and Sterling Order Management truststores.

About this task

In this task, you add the Sterling Order Management server certificate to the HCL Commerce truststore, and then add the HCL Commerce server certificate to the Sterling Order Management truststore.

Procedure

First, add the Sterling Order Management server certificate to the HCL Commerce truststore:

  1. Extract the server certificate from Sterling Order Management.
    1. In the Integrated Solution console, go to Security > SSL certificate and key management > key stores and certificates and click NodeDefaultKeyStore.
    2. Under Additional Properties, click Personal certificates.
    3. Click the default and then click Extract.
    4. In general properties, enter a filename for the certificate and click OK. For example, enter /opt/Webphere/sccert.arm.
    5. Copy the certificate to the HCL Commerce server.
  2. Add the server certification to HCL Commerce.
    • For development environments:
      1. Log in to the Integrated Solution Console on your development environment.
      2. Go to SSL certificate and key management > Key stores and certificates > NodeDefaultTrustStore > Signer certificates.
      3. Click on Add, and enter an alias and filename for the certificate. For example, sccret.
      4. Click OK and then Save.
    • For runtime or production environments:
      1. Import the extracted certification to the HCL Commerce Transaction Server by one of two ways:
        • Manage certificates manually.
          Notes:
          • When you copy the certificates to the JSON file, you must replace the line-break with \n to ensure that the entire certificate string is on one line.
          • This integration with Apple Pay uses one-way SSL certificate validation. For one-way SSL certificate validation, where one application needs a certificate to communicate with another application that has SSL enabled, you need only to define the issuing_ca in the JSON file.
          • Load the JSON files to the /SETUP/certs/custom directory of your Docker container.
        • Manage certificates with Vault.

Next, add the HCL Commerce server certificate to the Sterling Order Management truststore:

  1. Extract the server certificate from HCL Commerce.
    1. In the Integrated Solution console, go to Security > SSL certificate and key management > key stores and certificates and click NodeDefaultKeyStore.
    2. Under Additional Properties, click Personal certificates.
    3. Select the certificate created in step 1 and click Extract.
    4. In general properties, enter a filename for the certificate and click OK. For example, enter /opt/Webphere/wcclient.arm.
  2. Add the server certificate to Sterling Order Management.
    1. In the Integrated Solution console, go to Security > SSL certificate and key management > key stores and certificates and click NodeDefaultTrustStore.
    2. Click Signer certificates.
    3. Click Add. Enter an alias and file name for the certificate. For example, enter wcclient.
    4. Click OK and then click Save.