Importing a trust certificate for SMTP server in SSMC

Procedure
  1. Obtain the server trust certificate, usually the root certificate of the SMTPS server that you intend to configure in SSMC. Place the certificate in your home folder as a Privacy-Enhanced Mail (PEM) encoded x.509 certificate.

    /home/ssmcadmin/smtp-ca.pem

  2. Add the keytool binary to your system path prior to executing it, if not done already.

    export PATH=/opt/hpe/ssmc/ssmcbase/fips/jre/bin:$PATH

  3. Generate a new trust store for your SSMC SMTP server interaction using one of the following Java keytool commands from the /opt/hpe/ssmc/ssmcbase/data/StoreServMC/smtp directory of the SSMC host system:

    • Non-FIPS mode:

      keytool -import -trustcacerts -file ~/smtp-ca.pem -alias smtp-trust -keystore smtp-truststore

    • FIPS mode:

      keytool -import -trustcacerts -file ~/smtp-ca.pem -alias smtp-trust -keystore smtp-truststore -deststoretype BCFKS -providerpath /opt/hpe/ssmc/ssmcbase/bcFipsJars/bc-fips-1.0.1.jar -provider org.bouncycastle.jcajce.provider.BouncyCastleFipsProvider -storepass <password>

  4. Verify if you have the trust store file named smtp-truststore in the /opt/hpe/ssmc/ssmcbase/data/StoreServMC/smtp directory.
  5. Adjust the file permission and ownership to smtp-truststore: 
    chmod 640 ./smtp-truststore
chown ssmcadmin:hpe3parssmcuser ./smtp-truststore
  6. Set the password you choose for this trust store by assigning it to the property in /opt/hpe/ssmc/ssmcbase/resources/ssmc.properties.

    smtp.truststore.password=<password>

    To generate and set an obfuscated password in the configuration file, see the section Using obfuscated passwords in configuration files.