Skip to main content

ControlSuite: How to configure DWS when using signed certificates for Equitrac Services

Article # 3032217 - Page views: 465



In the older versions of Equitrac 6, when Device Control Engine (DCE) is configured to use signed certificates, the DCE would simply be accepted by a Device Web Service (DWS) and communication would pass freely with no issues being seen.  However, in later versions of Equitrac 6 (6.2.X) DWS will no longer accept signed certificates from the DCE and if you have a customer using a signed certificate it is likely that the DWS will not communicate with the DCE server.  This is commonly seen when using the unified client with signed certificates. 


To overcome this and allow DWS to trust the DCE signed certificate, our DWS server needs to import its root certificate.  After this Root CA is imported, DCE will then trust the child certificates, allowing DWS communication to the DCE.

To do this, perform the following:

  1. Obtain the root CA certificate from your customer.
  2. Backup the cacerts file (located at <DWS installation folder>\JDK\jre\lib\security\cacerts)

Where <DWS installation folder> is the location DWS is installed : normally C:\Program Files\Kofax\Shared Services\DWS

  1. Using an administrative command prompt, navigate to <DWS installation folder>\JDK\jre\bin
  2. Run the following command:

keytool.exe -import -file <Root certificate file> -keystore <DWS installation folder>\JDK\jre\lib\security\cacerts -trustcacerts

Where <Root certificate file> is the full path and file name of the root certificate

  1. Enter the password when prompted. The default JAVA Keystore password is changeit
  2. Restart DWS and communication should resume between DWS and DCE.


Applies to:  

Product Version
ControlSuite Equitrac 6.2 and newer