Instructions

Requirements

• These instructions are appropriate for Merchants using the Simple Order API or SOAP Toolkit as their connection method(s).
• This information applies to both the Production and Test environments

Obtain the Certificates from the Knowledgebase

(preferred method)

1. Download the attached file archive: 

For standard endpoints, refer to: Where can I find the most recent SSL certificates for ics2ws.ic3.com and ics2wstest.ic3.com? 

For the India Data Localization (IDL) endpoint: SSL certificates for ics2ws.in.ic3.com (India)

If you encounter difficulty obtaining these files, you may also obtain them directly from the host:

Obtain files from the host system

1. Navigate to the host your application must communicate with.

For the Simple Order and SOAP Toolkit API:

2. Download the root and intermediate certificates.

• Entrust.net
• Entrust Certification Authority - L1M

Download the Root Certificate (Entrust.net)

1. Click on File > Properties > Certificates > Certification Path tab
2. Select highest level of the certification path tree: 'Entrust.net'
3. Click View Certificate > Details tab > Copy to File... > Next > Next
4. Enter a filename (suggested filename: entrust_net.crt)
5. Click Next > Finish.

Download the Intermediate Certificate (Entrust Certification Authority - L1M)

1. Click on File > Properties > Certificates > Certification Path tab
2. Select second level of certification path tree: 'Entrust Certification Authority - L1M'
3. Click View Certificate > Details tab > Copy to File... > Next > Next
4. Enter a filename (suggested filename: entrust_L1M.crt)
5. Click Next > Finish.

Install the certificates

1. Using the command line, navigate to the directory on your computer containing the certificates and type the following commands without line breaks:

keytool -import -alias CybsEntrustNet -keystore JAVA_HOME/jre/lib/security/cacerts -file entrust_net.crt

keytool -import -alias CybsEntrustL1M -keystore JAVA_HOME/jre/lib/security/cacerts -file entrust_L1M.crt

If you downloaded the zip file instead of pulling the certificates from the host site, use the following command instead of the above 2 commands:
 

keytool -import -alias CybsEntrust -keystore JAVA_HOME/jre/lib/security/cacerts -file entrust_l1m_root_chain_combo.crt

Further explanation:

keytool is a utility included in the Java SDK used to manage SSL certificates in Java.

These instructions assume that your JDK's bin directory has been added to the PATH environment variable. If your system does not recognize keytool as a valid command you can browse to the bin directory via the command line and run the command from there. Note that in this case, you must manually set the path to the certificate using the -file command, explained below.

-import is a keytool command used to import certificates into the keystore.

-alias is a keytool command used to specify a name for a certificate being imported into the keystore.

Aliases are unique in the keystore; you must choose a different alias for each certificate, e.g., 'CybsEntrustRoot', 'CybsEntrustIntermediate', 'CybsEntrustL1M'.

-keystore is a keytool command used to specify the keystore to act upon.

JAVA_HOME is the path to your Java installation.

cacerts is the default Java keystore.

-file is a keytool command used to specify the path to the certificate to be imported.

The names of the certificates may differ from the names stated here depending on how you acquired them.

if you did not navigate to the directory where the certificates are located, you can specify the full path to the certificate, e.g.,  ?-file C:/My/Cert/Folder/SampleCertificateName.crt
 

2. Enter the password for the keystore. The default password is usually 'changeit' for Java's default keystore, cacerts.