Using Keystore Management Tool To Configure LDAPS or Content Migration Wizard in SSL Environments

In order to configure LDAPS or set up migration environments on environments that are running with SSL, you must start by exporting the certificate and load it into the java cacerts keystore.

It must be done where the Runtime Engine, Task Engine, and the Web Server has been installed.

The certificated must be the same as you have configured on the LDAPS server.

For instructions on how to do this see below:


1.     Open the Run dialog, select the Windows and keys.

2.     Open the Microsoft Management Console (MMC) by entering mmc in the Run dialog, then select OK.

3.     On the User Account Control prompt, click Yes to launch MMC as administrator.

4.     From the File menu, click Add/Remove Snap-in...

5.     In the Certificates snap-in wizard, choose Computer account, then select Next.

6.     On the Select Computer page, choose Local computer: (the computer this console is running on), then select Finish.

7.     In the Add or Remove Snap-ins dialog, click OK to add the certificates snap-in to MMC.

8.     In the MMC window, expand Console Root. Select Certificates (Local Computer), then expand the Personal node, followed by the Certificates node.


9. Choose the certificate in the step as shown, such as yourdomain.com. Right-select this certificate, then choose  All Tasks > Export...


  1.     Do not export the private key.
  2.     Select either the first or second option (ending in .CER).
  3.     Select relevant path and file name

10.   Open 'Command Prompt' and use 'keytool' to import the certificate to Java.

  1. Enter the path to the keytool and enter the command in the example below. Note that the keytool is located within the bin folder in the Java directory (like C:\Program Files\Pyramid\java\bin)
  2. For Linux /opt/pyramid/java/bin 


For Pyramid 2020 onwards:


keytool -keystore "C:\Program Files\Pyramid\java\lib\security\cacerts" -import -alias certificate -file “[saved-path]\[certificate-name].cer”


sudo keytool -keystore "/opt/pyramid/java/lib/security/cacerts" -import -alias certificate -file "[saved-path]/[certificate-name].cer”

If the keytool is not found, you will get prompted with the command to run to install it. Install it using the command relevant to your Linux version. 

For Pyramid 2018:

keytool -keystore “C:\Program Files\Pyramid2018\java8\jre\bin\lib\security\cacerts” -import -alias certificate -file “[saved-path]\[certificate-name].cer”

The location could be in another place depending on Pyramid version.


Be aware of the difference between the two examples above, and use the appropriate option. Depending on which option is relevant to you, there may or may not be a space in "Pyramid"


Saved-path – the location where the Certificate.pfx was saved.

Certificate-name - this is the name that the certificate was saved as.

  1. Next, click Enter and enter the password (the default password is 'changeit') and click Enter.
  2. Next, under Trust this computer, enter 'y' and press Enter.

11.   Open task manager, go to services, restart the Runtime Engine, Task Engine, and Web service.


In order to delete the uploaded certificated please use the following command:

keytool -delete -alias certificate -keystore "C:\Program Files\Pyramid\java\lib\security\cacerts" -storepass changeit


12. After you have imported the certificate and restart the services go to:

1. Pyramid Admin console 

2. Access > Authentication and update the following settings:

LDAP Address change to your LDAPS address

Change the port to 636 or 3269.

Click the Apply button.




How to import a certificate into Java: Here

How to export the certificated from the PC: Here