Skip to main content
Support

KB Article #176490

Modifying the keystore for Tomcat Server

To modify the Infrastructure keystore file with your own values, you must follow the procedure below and not change anything manually. It is recommended that the latest SP available for Infrastructure is installed before proceeding.

In the attachment a sample certificate is provided for testing purposes only. The keystore password is “axway*”.
Axway strongly recommends to use your own certificates for security reasons.

From your installation, make sure that all components are stopped and that you have the keystore files installed.

From the directory where your Admin scripts are located, enter in the command line the following:
  • Windows: Administration.bat
  • UNIX: Administration
Enter the update-store command line parameter.

Usage section is displayed:

$ ./Administration update-store

usage: Administration updatestore --type <type> --storepath <path>

[--storepass <password>]

-n,--nocheck don't check store information

-p,--storepath <arg> path to the new store

-s,--storepass <arg> store password

-t,--type <arg> store type to be modified (can be any of

ssl_keystore, sso_trustore,

selfregistration_truststore)


Specify the location to the keystore files and enter your password.

$ ./Administration update-store --type ssl_keystore --storepath /<path to keystore>/keystore.jks --storepass '<password>' Writing new configuration

Launching Synchrony

Installer initialization in progress Please verify that the directory "SynchronyInstaller#" has been deleted in the temp directory.


If you entered the wrong password, an error message is displayed as follows:

$ ./Administration update-store --type ssl_keystore --storepath /<path to keystore>/keystore.jks --storepass '<bad password>'

An error occured while changing store

Exception: Could not check source store: Keystore was tampered with, or password was incorrect

Caused by: Keystore was tampered with, or password was incorrect


You can deactivate the password check by entering the –nocheck command.
$ ./Administration update-store --type ssl_keystore --storepath /<path to keystore>/keystore.jks --storepass '<bad password>' --nocheck

After the keystore has been modified, in order to confirm the validity dates, the following openssl command can be executed :
openssl s_client -connect host:port 2>/dev/null </dev/null | openssl x509 -noout -dates


Note : If Administration 4.5 is used please also read the following article:
https://support.axway.com/kb/176505/language/en