JavaScript must be enabled in order to use this site.Please enable JavaScript in your browser and refresh the page. Installing CA certificates To use X.509 client certificates for authentication, a keystore with CA certificate(s) must be placed in the installation directory. Procedure If you do not yet have a keystore, follow these steps: Create a keystore and import the CA certificate(s) by executing the following command:. ><installation dir>/jdk/bin/keytool -importcert -alias cacert -keystore <installation dir>/tomcat/certs/<keystore filename> -file <certificate filename> CA certificates can be in either PEM format or DER format. Example for Windows: > C:\tibco\tss\<version>\jdk\bin\keytool -importcert -alias cacert -keystore C:\tibco\tss\<version>\tomcat\certs\example.jks -file cacert.cer where "example" in example.jks is the server hostname. Repeat the previous step for each additional CA certificate. When you have a keystore containing the CA certificate(s), copy the keystore file to the <installation dir>/tomcat/certs directory. Note: The keystore containing the CA certificate(s) can be in either PKCS #12 or JKS format. Related tasks Configuring Spotfire Server to require client certificates for HTTPS Configuring Spotfire Server to use X.509 client certificates to authenticate users Copyright © TIBCO Software Inc. All rights reserved.