Page Comparison

The CA certificate must be exported to be used in Protocol Gateway to trust the CA. 

In Administrator's workbench (AWB),

1. Select the Officer and System CA. 
2. In the menu, select Cross > Export Certificate > Binary.
3. Store the certificate as SystemCA.cer.
   This certificate shall be used later in the Protocol Gateway configuration.

1. Copy the Protocol Gateway Officer token and the Protocol Gateway RA token to the Protocol Gateway \conf folder, for example C:\ProgramData\Nexus\cm-gateway\conf\certdir.
   
   1. protocol-gateway-vro.p12
      This is needed for Protocol Gateway as a virtual registration officer, when devices request certificates in an automated workflow. 
   2. protocol-gateway-ra.p12
      This is needed for certain protocols (EST, CMP, CMC and SCEP), for example for Full PKI requests. The specified RA token is used to establish secure transactions with the end entities requesting certificates. For more information on Full PKI Requests, see the CMC specification: RFC 5272 Section 3.2.

For Protocol Gateway to trust the CM host: 

1. Copy the TLS CA certificate SystemCA.cer to the \conf\certdir trust store folder, for example C:\ProgramData\Nexus\cm-gateway\conf\certdir.

• Start the Protocol Gateway by starting the Tomcat service.