{"id":10423,"date":"2017-08-05T06:58:07","date_gmt":"2017-08-05T04:58:07","guid":{"rendered":"https:\/\/www.dbi-services.com\/blog\/documentum-using-da-with-self-signed-ssl-certificate\/"},"modified":"2017-08-05T06:58:07","modified_gmt":"2017-08-05T04:58:07","slug":"documentum-using-da-with-self-signed-ssl-certificate","status":"publish","type":"post","link":"https:\/\/www.dbi-services.com\/blog\/documentum-using-da-with-self-signed-ssl-certificate\/","title":{"rendered":"Documentum &#8211; Using DA with Self-Signed SSL Certificate"},"content":{"rendered":"<p>A few years ago, I was working on a Documentum project and one of the tasks was to setup all components in SSL. I already published a lot of blogs on this subject but there is one I wanted to do but never really took the time to publish it. In this blog, I will therefore talk about Documentum Administrator in SSL using a Self-Sign SSL Certificate. Recently, a colleague of mine had the same issue at another customer so I provided him the full procedure that I will describe below. However, since the process below requires the signature of a jar file and since this isn\u2019t available for all companies, you might want to check out my colleague&#8217;s <a title=\"DA 7.2 UCF Transfer failing with SSL\" href=\"https:\/\/www.dbi-services.com\/blog\/da-7-2-ucf-transfer-failing-with-ssl\/\" target=\"_blank\" rel=\"noopener\">blog<\/a> too.<\/p>\n<p>A lot of companies are working with their own SSL Trust Chain, meaning that they provide\/create their own SSL Certificate (Self-Signed) including their Root and Intermediate SSL Certificate for the trust. End-users will not really notice the difference but they are actually using Self-Sign SSL Certificate. This has some repercussions when working with Documentum since you need to import the SSL Trust Chain on the various Application Servers (JMS, WebLogic, Dsearch, aso&#8230;). This is pretty simple but there is one thing that is a little bit trickier and this is related to Documentum Administrator.<\/p>\n<p>Below, I will use a DA 7.2 P16 (that is therefore pretty recent) but the same applies to all patches of DA 7.2 and 7.3. For information, we didn&#8217;t face this issue with DA 7.1 so something most probably changed between DA 7.1 and 7.2. If you are seeing the same thing with a DA 7.1, feel free to put a comment below, I would love to know! When you are accessing DA for the first time, you will actually download a JRE which will be put under C:Users&lt;user_name&gt;Documentumucf&lt;machine_name&gt;, by default. This JRE is used for various stuff including the transfer of files (UCF), display of DA preferences, aso&#8230; DA isn&#8217;t taking the JRE from the website of Oracle, it is, in fact, taking it from the da.war file. The DA war file always contains two or three different JREs versions. Now if you want to use DA in HTTPS, these JREs will also need to contain your custom SSL Trust Chain. So how can you do that?<\/p>\n<p>Well a simple answer would be: just like for the JMS or WebLogic, just import the custom SSL Trust Chain in the &#8220;cacerts&#8221; of these JREs. That will actually not work for a very vicious reason: EMC is now signing all the files provided and that also include the JREs inside da.war (well actually they are signing the checksums of the JREs, not the JREs themselves). Because of this signature, if you edit the cacerts file of the JREs, DA will say something like that: &#8220;Invalid checksum for the file &#8216;win-jre1.8.0_91.zip'&#8221;. This checksum ensures that the JREs and all the files you are using on your local workstation that have been downloaded from the da.war are the one provided by EMC. This is good from a security point of view since it prevents intruders to exchanges the files during transfer or directly on your workstation but that also prevents you from updating the JREs with your custom SSL Trust Chain.<\/p>\n<p>&nbsp;<\/p>\n<p>So what I will do below to update the Java cacerts AND still keep a valid signature is:<\/p>\n<ol>\n<li>Extract the JREs and ucfinit.jar file from da.war<\/li>\n<li>Update the cacerts of each JREs with a custom SSL Trust Chain (Root + Intermediate)<\/li>\n<li>Repackage the JREs<\/li>\n<li>Calculate the checksum of the JREs using the ComputeChecksum java class<\/li>\n<li>Extract the old checksum files from ucfinit.jar<\/li>\n<li>Replace the old checksum files for the JREs with the new one generated on step 4<\/li>\n<li>Remove .RSA and .SF files from the META-INF folder and clean the MANIFEST to remove Documentum&#8217;s digital signature<\/li>\n<li>Recreate the file ucfinit.jar with the clean manifest and all other files<\/li>\n<li>Ask the company&#8217;s dedicated team to sign the new jar file<\/li>\n<li>Repackage da.war with the updated JREs and the updated\/signed ucfinit.jar<\/li>\n<\/ol>\n<p>&nbsp;<\/p>\n<p>I will use below generic commands that do not specify any version of the JREs or DA because there will be two or three different JREs and the versions will change depending on your DA Patch level, so better stay generic. I will also use my custom SSL Trust Chain which I put under \/tmp.<\/p>\n<p>In this first part, I will create a working folder to avoid messing with the deployed applications. Then I will extract the needed files and finally remove all files and folders that I don&#8217;t need. That&#8217;s the step 1:<\/p>\n<pre class=\"brush: bash; gutter: true; first-line: 1; highlight: [12,13,14,15]\">[weblogic@weblogic_server_01 ~]$ mkdir \/tmp\/workspace; cd \/tmp\/workspace\n[weblogic@weblogic_server_01 workspace]$\n[weblogic@weblogic_server_01 workspace]$ cp $WLS_APPLICATIONS\/da.war .\n[weblogic@weblogic_server_01 workspace]$ ls\nda.war\n[weblogic@weblogic_server_01 workspace]$\n[weblogic@weblogic_server_01 workspace]$ jar -xvf da.war wdk\/system\/ucfinit.jar wdk\/contentXfer\/\n  created: wdk\/contentXfer\/\n inflated: wdk\/contentXfer\/All-MB.jar\n ...\n inflated: wdk\/contentXfer\/Web\/Emc.Documentum.Ucf.Client.Impl.application\n inflated: wdk\/contentXfer\/win-jre1.7.0_71.zip\n inflated: wdk\/contentXfer\/win-jre1.7.0_72.zip\n inflated: wdk\/contentXfer\/win-jre1.8.0_91.zip\n inflated: wdk\/system\/ucfinit.jar\n[weblogic@weblogic_server_01 workspace]$\n[weblogic@weblogic_server_01 workspace]$ cd .\/wdk\/contentXfer\/\n[weblogic@weblogic_server_01 contentXfer]$\n[weblogic@weblogic_server_01 contentXfer]$ ls\nAll-MB.jar                                    jacob.dll                 libUCFSolarisGNOME.so   ucf-client-installer.zip  win-jre1.8.0_91.zip\nApplication Files                             jacob.jar                 libUCFSolarisJNI.so     ucf.installer.config.xml\nEmc.Documentum.Ucf.Client.Impl.application    libMacOSXForkerIO.jnilib  licenses                UCFWin32JNI.dll\nES1_MRE.msi                                   libUCFLinuxGNOME.so       MacOSXForker.jar        Web\nExJNIAPI.dll                                  libUCFLinuxJNI.so         mac_utilities.jar       win-jre1.7.0_71.zip\nExJNIAPIGateway.jar                           libUCFLinuxKDE.so         ucf-ca-office-auto.jar  win-jre1.7.0_72.zip\n[weblogic@weblogic_server_01 contentXfer]$\n[weblogic@weblogic_server_01 contentXfer]$ for i in `ls | grep -v 'win-jre'`; do rm -rf \".\/${i}\"; done\n[weblogic@weblogic_server_01 contentXfer]$ rm -rf .\/*\/\n[weblogic@weblogic_server_01 contentXfer]$\n[weblogic@weblogic_server_01 contentXfer]$ ls\nwin-jre1.7.0_71.zip  win-jre1.7.0_72.zip  win-jre1.8.0_91.zip\n[weblogic@weblogic_server_01 contentXfer]$<\/pre>\n<p>&nbsp;<\/p>\n<p>At this point, only the JREs are present in the current folder (wdk\/contentXfer) and I also have another file in another folder (wdk\/system\/ucfinit.jar). Once that is done, I&#8217;m creating a list of the JREs available that I will use for the whole blog and I&#8217;m also performing the steps 2 and 3, to extract the cacerts from the JREs, update them and finally repackage them (this is where I use the custom SSL Trust Chain):<\/p>\n<pre class=\"brush: bash; gutter: true; first-line: 1; highlight: [3,4,5,9,11,13,16,17,18,21,22,23,26,27,28]\">[weblogic@weblogic_server_01 contentXfer]$ ls win-jre* | sed -e 's\/.*win-\/\/' -e 's\/.zip\/\/' &gt; \/tmp\/list_jre.txt\n[weblogic@weblogic_server_01 contentXfer]$ cat \/tmp\/list_jre.txt\njre1.7.0_71\njre1.7.0_72\njre1.8.0_91\n[weblogic@weblogic_server_01 contentXfer]$\n[weblogic@weblogic_server_01 contentXfer]$ while read line; do unzip -x win-${line}.zip ${line}\/lib\/security\/cacerts; done &lt; \/tmp\/list_jre.txt\nArchive:  win-jre1.7.0_71.zip\n  inflating: jre1.7.0_71\/lib\/security\/cacerts\nArchive:  win-jre1.7.0_72.zip\n  inflating: jre1.7.0_72\/lib\/security\/cacerts\nArchive:  win-jre1.8.0_91.zip\n  inflating: jre1.8.0_91\/lib\/security\/cacerts\n[weblogic@weblogic_server_01 contentXfer]$\n[weblogic@weblogic_server_01 contentXfer]$ while read line; do keytool -import -noprompt -trustcacerts -alias custom_root_ca -keystore ${line}\/lib\/security\/cacerts -file \/tmp\/Company_Root_CA.cer -storepass changeit; done &lt; \/tmp\/list_jre.txt\nCertificate was added to keystore\nCertificate was added to keystore\nCertificate was added to keystore\n[weblogic@weblogic_server_01 contentXfer]$\n[weblogic@weblogic_server_01 contentXfer]$ while read line; do keytool -import -noprompt -trustcacerts -alias custom_int_ca -keystore ${line}\/lib\/security\/cacerts -file \/tmp\/Company_Intermediate_CA.cer -storepass changeit; done &lt; \/tmp\/list_jre.txt\nCertificate was added to keystore\nCertificate was added to keystore\nCertificate was added to keystore\n[weblogic@weblogic_server_01 contentXfer]$\n[weblogic@weblogic_server_01 contentXfer]$ while read line; do zip -u win-${line}.zip ${line}\/lib\/security\/cacerts; done &lt; \/tmp\/list_jre.txt\nupdating: jre1.7.0_71\/lib\/security\/cacerts (deflated 35%)\nupdating: jre1.7.0_72\/lib\/security\/cacerts (deflated 35%)\nupdating: jre1.8.0_91\/lib\/security\/cacerts (deflated 33%)\n[weblogic@weblogic_server_01 contentXfer]$\n[weblogic@weblogic_server_01 contentXfer]$ while read line; do rm -rf .\/${line}; done &lt; \/tmp\/list_jre.txt\n[weblogic@weblogic_server_01 contentXfer]$<\/pre>\n<p>&nbsp;<\/p>\n<p>At this point, the JREs have been updated with a new &#8220;cacerts&#8221; and therefore its checksum changed. It doesn&#8217;t match the signed checksum anymore so if you try to deploy DA at this point, you will get the error message I put above. So, let&#8217;s perform the steps 4, 5 and 6. For that purpose, I will use the file \/tmp\/ComputeChecksum.class that was provided by EMC. This class is needed in order to recalculate the new checksum of the JREs:<\/p>\n<pre class=\"brush: bash; gutter: true; first-line: 1; highlight: [9,13,26,27,28,35,36,37]\">[weblogic@weblogic_server_01 contentXfer]$ pwd\n\/tmp\/workspace\/wdk\/contentXfer\n[weblogic@weblogic_server_01 contentXfer]$\n[weblogic@weblogic_server_01 contentXfer]$ cp \/tmp\/ComputeChecksum.class .\n[weblogic@weblogic_server_01 contentXfer]$\n[weblogic@weblogic_server_01 contentXfer]$ ls\nComputeChecksum.class  win-jre1.7.0_71.zip  win-jre1.7.0_72.zip  win-jre1.8.0_91.zip\n[weblogic@weblogic_server_01 contentXfer]$\n[weblogic@weblogic_server_01 contentXfer]$ java ComputeChecksum .\n[weblogic@weblogic_server_01 contentXfer]$\n[weblogic@weblogic_server_01 contentXfer]$ ls\nComputeChecksum.class           win-jre1.7.0_71.zip           win-jre1.7.0_72.zip           win-jre1.8.0_91.zip\nComputeChecksum.class.checksum  win-jre1.7.0_71.zip.checksum  win-jre1.7.0_72.zip.checksum  win-jre1.8.0_91.zip.checksum\n[weblogic@weblogic_server_01 contentXfer]$\n[weblogic@weblogic_server_01 contentXfer]$ rm ComputeChecksum.class*\n[weblogic@weblogic_server_01 contentXfer]$\n[weblogic@weblogic_server_01 contentXfer]$ cd \/tmp\/workspace\/wdk\/system\/\n[weblogic@weblogic_server_01 system]$\n[weblogic@weblogic_server_01 system]$ pwd\n\/tmp\/workspace\/wdk\/system\n[weblogic@weblogic_server_01 system]$\n[weblogic@weblogic_server_01 system]$ ls\nucfinit.jar\n[weblogic@weblogic_server_01 system]$\n[weblogic@weblogic_server_01 system]$ jar -xvf ucfinit.jar\n inflated: META-INF\/MANIFEST.MF\n inflated: META-INF\/COMPANY.SF\n inflated: META-INF\/COMPANY.RSA\n  created: META-INF\/\n inflated: All-MB.jar.checksum\n  created: com\/\n  created: com\/documentum\/\n  ...\n inflated: UCFWin32JNI.dll.checksum\n inflated: win-jre1.7.0_71.zip.checksum\n inflated: win-jre1.7.0_72.zip.checksum\n inflated: win-jre1.8.0_91.zip.checksum\n[weblogic@weblogic_server_01 system]$\n[weblogic@weblogic_server_01 system]$ mv \/tmp\/workspace\/wdk\/contentXfer\/win-jre*.checksum .\n[weblogic@weblogic_server_01 system]$<\/pre>\n<p>&nbsp;<\/p>\n<p>With this last command, the new checksum have replaced the old ones. The next step is now to remove the old signatures (.RSA and .SF files + content of the manifest) and the repack the ucfinit.jar file (step 7 and 8):<\/p>\n<pre class=\"brush: bash; gutter: true; first-line: 1; highlight: [21,22]\">[weblogic@weblogic_server_01 system]$ rm ucfinit.jar META-INF\/*.SF META-INF\/*.RSA\n[weblogic@weblogic_server_01 system]$\n[weblogic@weblogic_server_01 system]$ sed -i -e '\/^Name:\/d' -e '\/^SHA\/d' -e '\/^ \/d' -e '\/^[[:space:]]*$\/d' META-INF\/MANIFEST.MF\n[weblogic@weblogic_server_01 system]$\n[weblogic@weblogic_server_01 system]$ cat META-INF\/MANIFEST.MF\nManifest-Version: 1.0\nAnt-Version: Apache Ant 1.8.4\nTitle: Documentum Client File Selector Applet\nBundle-Version: 7.2.0160.0058\nApplication-Name: Documentum\nBuilt-By: dmadmin\nBuild-Version: 7.2.0160.0058\nPermissions: all-permissions\nCreated-By: 1.6.0_30-b12 (Sun Microsystems Inc.)\nCopyright: Documentum Inc. 2001, 2004\nCaller-Allowable-Codebase: *\nBuild-Date: August 16 2016 06:35 AM\nCodebase: *\n[weblogic@weblogic_server_01 system]$\n[weblogic@weblogic_server_01 system]$ vi META-INF\/MANIFEST.MF\n    =&gt; Add a new empty line at the end of this file with vi, vim, nano or whatever... The file must always end with an empty line.\n    =&gt; Do NOT use the command \"echo '' &gt;&gt; META-INF\/MANIFEST.MF\" because it will change the fileformat of the file which complicate the signature (usually the FF is DOS...)\n[weblogic@weblogic_server_01 system]$\n[weblogic@weblogic_server_01 system]$\n[weblogic@weblogic_server_01 system]$ jar -cmvf META-INF\/MANIFEST.MF ucfinit.jar *\nadded manifest\nadding: All-MB.jar.checksum(in = 28) (out= 30)(deflated -7%)\nadding: com\/(in = 0) (out= 0)(stored 0%)\nadding: com\/documentum\/(in = 0) (out= 0)(stored 0%)\nadding: com\/documentum\/ucf\/(in = 0) (out= 0)(stored 0%)\n...\nadding: UCFWin32JNI.dll.checksum(in = 28) (out= 30)(deflated -7%)\nadding: win-jre1.7.0_71.zip.checksum(in = 28) (out= 30)(deflated -7%)\nadding: win-jre1.7.0_72.zip.checksum(in = 28) (out= 30)(deflated -7%)\nadding: win-jre1.8.0_91.zip.checksum(in = 28) (out= 30)(deflated -7%)\n[weblogic@weblogic_server_01 system]$<\/pre>\n<p>&nbsp;<\/p>\n<p>At this point, the file ucfinit.jar has been recreated with an &#8220;empty&#8221; manifest, without signature but with all the new checksum files. Therefore, it is now time to send this file (ucfinit.jar) to your code signing team (step 9). This is out of scope for this blog but basically what will be done by your signature team is the creation of the .RSA and .SF files inside the folder META-INF as well as the repopulation of the manifest. The .SF and the manifest will contain more or less the same thing: the different files of the ucfinit.jar files will have their entries in these files with a pair filename\/signature. At this point, we therefore have re-signed the checksum of the JREs.<\/p>\n<p>&nbsp;<\/p>\n<p>The last step is now to repack the da.war with the new ucfinit.jar file which has been signed. I put the new signed file under \/tmp:<\/p>\n<pre class=\"brush: bash; gutter: true; first-line: 1; highlight: [23,24,25,27]\">[weblogic@weblogic_server_01 system]$ pwd\n\/tmp\/workspace\/wdk\/system\n[weblogic@weblogic_server_01 system]$\n[weblogic@weblogic_server_01 system]$ rm -rf *\n[weblogic@weblogic_server_01 system]$\n[weblogic@weblogic_server_01 system]$ ll\ntotal 0\n[weblogic@weblogic_server_01 system]$\n[weblogic@weblogic_server_01 system]$ cp \/tmp\/ucfinit.jar .\n[weblogic@weblogic_server_01 system]$\n[weblogic@weblogic_server_01 system]$ cd \/tmp\/workspace\/\n[weblogic@weblogic_server_01 workspace]$\n[weblogic@weblogic_server_01 workspace]$ ls wdk\/*\nwdk\/contentXfer:\nwin-jre1.7.0_71.zip  win-jre1.7.0_72.zip  win-jre1.8.0_91.zip\n\nwdk\/system:\nucfinit.jar\n[weblogic@weblogic_server_01 workspace]$\n[weblogic@weblogic_server_01 workspace]$ jar -uvf da.war wdk\nadding: wdk\/(in = 0) (out= 0)(stored 0%)\nadding: wdk\/contentXfer\/(in = 0) (out= 0)(stored 0%)\nadding: wdk\/contentXfer\/win-jre1.7.0_71.zip(in = 41373620) (out= 41205241)(deflated 0%)\nadding: wdk\/contentXfer\/win-jre1.7.0_72.zip(in = 41318962) (out= 41137924)(deflated 0%)\nadding: wdk\/contentXfer\/win-jre1.8.0_91.zip(in = 62424686) (out= 62229724)(deflated 0%)\nadding: wdk\/system\/(in = 0) (out= 0)(stored 0%)\nadding: wdk\/system\/ucfinit.jar(in = 317133) (out= 273564)(deflated 13%)\n[weblogic@weblogic_server_01 workspace]$\n[weblogic@weblogic_server_01 workspace]$ mv $WLS_APPLICATIONS\/da.war $WLS_APPLICATIONS\/da.war_bck_beforeSignature\n[weblogic@weblogic_server_01 workspace]$\n[weblogic@weblogic_server_01 workspace]$ mv da.war $WLS_APPLICATIONS\/\n[weblogic@weblogic_server_01 workspace]$<\/pre>\n<p>&nbsp;<\/p>\n<p>Once this has been done, simply redeploy the Documentum Administrator and the next time you will access it in HTTPS, you will be able to transfer files, view the DA preferences, aso&#8230; The JREs are now trusted automatically because the checksum of the JRE is now signed properly.<\/p>\n<p>&nbsp;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>A few years ago, I was working on a Documentum project and one of the tasks was to setup all components in SSL. I already published a lot of blogs on this subject but there is one I wanted to do but never really took the time to publish it. In this blog, I will [&hellip;]<\/p>\n","protected":false},"author":20,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[525],"tags":[1149,869,129,1102,1150,382],"type_dbi":[],"class_list":["post-10423","post","type-post","status-publish","format-standard","hentry","category-enterprise-content-management","tag-certificate","tag-da","tag-documentum","tag-https","tag-self-signed","tag-ssl"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v27.2 (Yoast SEO v27.4) - https:\/\/yoast.com\/product\/yoast-seo-premium-wordpress\/ -->\n<title>Documentum - Using DA with Self-Signed SSL Certificate - dbi Blog<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.dbi-services.com\/blog\/documentum-using-da-with-self-signed-ssl-certificate\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Documentum - Using DA with Self-Signed SSL Certificate\" \/>\n<meta property=\"og:description\" content=\"A few years ago, I was working on a Documentum project and one of the tasks was to setup all components in SSL. I already published a lot of blogs on this subject but there is one I wanted to do but never really took the time to publish it. In this blog, I will [&hellip;]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.dbi-services.com\/blog\/documentum-using-da-with-self-signed-ssl-certificate\/\" \/>\n<meta property=\"og:site_name\" content=\"dbi Blog\" \/>\n<meta property=\"article:published_time\" content=\"2017-08-05T04:58:07+00:00\" \/>\n<meta name=\"author\" content=\"Morgan Patou\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@MorganPatou\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Morgan Patou\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"11 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.dbi-services.com\\\/blog\\\/documentum-using-da-with-self-signed-ssl-certificate\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.dbi-services.com\\\/blog\\\/documentum-using-da-with-self-signed-ssl-certificate\\\/\"},\"author\":{\"name\":\"Morgan Patou\",\"@id\":\"https:\\\/\\\/www.dbi-services.com\\\/blog\\\/#\\\/schema\\\/person\\\/c4d05b25843a9bc2ab20415dae6bd2d8\"},\"headline\":\"Documentum &#8211; Using DA with Self-Signed SSL Certificate\",\"datePublished\":\"2017-08-05T04:58:07+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.dbi-services.com\\\/blog\\\/documentum-using-da-with-self-signed-ssl-certificate\\\/\"},\"wordCount\":1202,\"commentCount\":0,\"keywords\":[\"Certificate\",\"DA\",\"Documentum\",\"HTTPS\",\"Self-Signed\",\"SSL\"],\"articleSection\":[\"Enterprise content management\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/www.dbi-services.com\\\/blog\\\/documentum-using-da-with-self-signed-ssl-certificate\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.dbi-services.com\\\/blog\\\/documentum-using-da-with-self-signed-ssl-certificate\\\/\",\"url\":\"https:\\\/\\\/www.dbi-services.com\\\/blog\\\/documentum-using-da-with-self-signed-ssl-certificate\\\/\",\"name\":\"Documentum - Using DA with Self-Signed SSL Certificate - dbi Blog\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.dbi-services.com\\\/blog\\\/#website\"},\"datePublished\":\"2017-08-05T04:58:07+00:00\",\"author\":{\"@id\":\"https:\\\/\\\/www.dbi-services.com\\\/blog\\\/#\\\/schema\\\/person\\\/c4d05b25843a9bc2ab20415dae6bd2d8\"},\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.dbi-services.com\\\/blog\\\/documentum-using-da-with-self-signed-ssl-certificate\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.dbi-services.com\\\/blog\\\/documentum-using-da-with-self-signed-ssl-certificate\\\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.dbi-services.com\\\/blog\\\/documentum-using-da-with-self-signed-ssl-certificate\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Accueil\",\"item\":\"https:\\\/\\\/www.dbi-services.com\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Documentum &#8211; Using DA with Self-Signed SSL Certificate\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.dbi-services.com\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.dbi-services.com\\\/blog\\\/\",\"name\":\"dbi Blog\",\"description\":\"\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.dbi-services.com\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.dbi-services.com\\\/blog\\\/#\\\/schema\\\/person\\\/c4d05b25843a9bc2ab20415dae6bd2d8\",\"name\":\"Morgan Patou\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/5d7f5bec8b597db68a09107a6f5309e3870d6296ef94fb10ead4b09454ca67e5?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/5d7f5bec8b597db68a09107a6f5309e3870d6296ef94fb10ead4b09454ca67e5?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/5d7f5bec8b597db68a09107a6f5309e3870d6296ef94fb10ead4b09454ca67e5?s=96&d=mm&r=g\",\"caption\":\"Morgan Patou\"},\"description\":\"Morgan Patou has over 12 years of experience in Enterprise Content Management (ECM) systems, with a strong focus in recent years on platforms such as Alfresco, Documentum, and M-Files. He specializes in the architecture, setup, customization, and maintenance of ECM infrastructures in complex &amp; critical environments. Morgan is well-versed in both engineering and operations aspects, including high availability design, system integration, and lifecycle management. He also has a solid foundation in open-source and proprietary technologies - ranging from Apache, OpenLDAP or Kerberos to enterprise-grade systems like WebLogic. Morgan Patou holds an Engineering Degree in Computer Science from ENSISA (\u00c9cole Nationale Sup\u00e9rieure d'Ing\u00e9nieurs Sud Alsace) in Mulhouse, France. He is Alfresco Content Services Certified Administrator (ACSCA), Alfresco Content Services Certified Engineer (ACSCE) as well as OpenText Documentum Certified Administrator. His industry experience spans the Public Sector, IT Services, Financial Services\\\/Banking, and the Pharmaceutical industry.\",\"sameAs\":[\"https:\\\/\\\/blog.dbi-services.com\\\/author\\\/morgan-patou\\\/\",\"https:\\\/\\\/x.com\\\/MorganPatou\"],\"url\":\"https:\\\/\\\/www.dbi-services.com\\\/blog\\\/author\\\/morgan-patou\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"Documentum - Using DA with Self-Signed SSL Certificate - dbi Blog","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.dbi-services.com\/blog\/documentum-using-da-with-self-signed-ssl-certificate\/","og_locale":"en_US","og_type":"article","og_title":"Documentum - Using DA with Self-Signed SSL Certificate","og_description":"A few years ago, I was working on a Documentum project and one of the tasks was to setup all components in SSL. I already published a lot of blogs on this subject but there is one I wanted to do but never really took the time to publish it. In this blog, I will [&hellip;]","og_url":"https:\/\/www.dbi-services.com\/blog\/documentum-using-da-with-self-signed-ssl-certificate\/","og_site_name":"dbi Blog","article_published_time":"2017-08-05T04:58:07+00:00","author":"Morgan Patou","twitter_card":"summary_large_image","twitter_creator":"@MorganPatou","twitter_misc":{"Written by":"Morgan Patou","Est. reading time":"11 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.dbi-services.com\/blog\/documentum-using-da-with-self-signed-ssl-certificate\/#article","isPartOf":{"@id":"https:\/\/www.dbi-services.com\/blog\/documentum-using-da-with-self-signed-ssl-certificate\/"},"author":{"name":"Morgan Patou","@id":"https:\/\/www.dbi-services.com\/blog\/#\/schema\/person\/c4d05b25843a9bc2ab20415dae6bd2d8"},"headline":"Documentum &#8211; Using DA with Self-Signed SSL Certificate","datePublished":"2017-08-05T04:58:07+00:00","mainEntityOfPage":{"@id":"https:\/\/www.dbi-services.com\/blog\/documentum-using-da-with-self-signed-ssl-certificate\/"},"wordCount":1202,"commentCount":0,"keywords":["Certificate","DA","Documentum","HTTPS","Self-Signed","SSL"],"articleSection":["Enterprise content management"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.dbi-services.com\/blog\/documentum-using-da-with-self-signed-ssl-certificate\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.dbi-services.com\/blog\/documentum-using-da-with-self-signed-ssl-certificate\/","url":"https:\/\/www.dbi-services.com\/blog\/documentum-using-da-with-self-signed-ssl-certificate\/","name":"Documentum - Using DA with Self-Signed SSL Certificate - dbi Blog","isPartOf":{"@id":"https:\/\/www.dbi-services.com\/blog\/#website"},"datePublished":"2017-08-05T04:58:07+00:00","author":{"@id":"https:\/\/www.dbi-services.com\/blog\/#\/schema\/person\/c4d05b25843a9bc2ab20415dae6bd2d8"},"breadcrumb":{"@id":"https:\/\/www.dbi-services.com\/blog\/documentum-using-da-with-self-signed-ssl-certificate\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.dbi-services.com\/blog\/documentum-using-da-with-self-signed-ssl-certificate\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.dbi-services.com\/blog\/documentum-using-da-with-self-signed-ssl-certificate\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Accueil","item":"https:\/\/www.dbi-services.com\/blog\/"},{"@type":"ListItem","position":2,"name":"Documentum &#8211; Using DA with Self-Signed SSL Certificate"}]},{"@type":"WebSite","@id":"https:\/\/www.dbi-services.com\/blog\/#website","url":"https:\/\/www.dbi-services.com\/blog\/","name":"dbi Blog","description":"","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.dbi-services.com\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/www.dbi-services.com\/blog\/#\/schema\/person\/c4d05b25843a9bc2ab20415dae6bd2d8","name":"Morgan Patou","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/5d7f5bec8b597db68a09107a6f5309e3870d6296ef94fb10ead4b09454ca67e5?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/5d7f5bec8b597db68a09107a6f5309e3870d6296ef94fb10ead4b09454ca67e5?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/5d7f5bec8b597db68a09107a6f5309e3870d6296ef94fb10ead4b09454ca67e5?s=96&d=mm&r=g","caption":"Morgan Patou"},"description":"Morgan Patou has over 12 years of experience in Enterprise Content Management (ECM) systems, with a strong focus in recent years on platforms such as Alfresco, Documentum, and M-Files. He specializes in the architecture, setup, customization, and maintenance of ECM infrastructures in complex &amp; critical environments. Morgan is well-versed in both engineering and operations aspects, including high availability design, system integration, and lifecycle management. He also has a solid foundation in open-source and proprietary technologies - ranging from Apache, OpenLDAP or Kerberos to enterprise-grade systems like WebLogic. Morgan Patou holds an Engineering Degree in Computer Science from ENSISA (\u00c9cole Nationale Sup\u00e9rieure d'Ing\u00e9nieurs Sud Alsace) in Mulhouse, France. He is Alfresco Content Services Certified Administrator (ACSCA), Alfresco Content Services Certified Engineer (ACSCE) as well as OpenText Documentum Certified Administrator. His industry experience spans the Public Sector, IT Services, Financial Services\/Banking, and the Pharmaceutical industry.","sameAs":["https:\/\/blog.dbi-services.com\/author\/morgan-patou\/","https:\/\/x.com\/MorganPatou"],"url":"https:\/\/www.dbi-services.com\/blog\/author\/morgan-patou\/"}]}},"_links":{"self":[{"href":"https:\/\/www.dbi-services.com\/blog\/wp-json\/wp\/v2\/posts\/10423","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.dbi-services.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.dbi-services.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.dbi-services.com\/blog\/wp-json\/wp\/v2\/users\/20"}],"replies":[{"embeddable":true,"href":"https:\/\/www.dbi-services.com\/blog\/wp-json\/wp\/v2\/comments?post=10423"}],"version-history":[{"count":0,"href":"https:\/\/www.dbi-services.com\/blog\/wp-json\/wp\/v2\/posts\/10423\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.dbi-services.com\/blog\/wp-json\/wp\/v2\/media?parent=10423"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.dbi-services.com\/blog\/wp-json\/wp\/v2\/categories?post=10423"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.dbi-services.com\/blog\/wp-json\/wp\/v2\/tags?post=10423"},{"taxonomy":"type","embeddable":true,"href":"https:\/\/www.dbi-services.com\/blog\/wp-json\/wp\/v2\/type_dbi?post=10423"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}