KB Article #176490
Modifying the keystore for Tomcat Server
To modify the Infrastructure keystore file with your own values, you must follow the procedure below and not change anything manually. It is recommended that the latest SP available for Infrastructure is installed before proceeding.
In the attachment a sample certificate is provided for testing purposes only. The keystore password is “axway*”.
Axway strongly recommends using your own certificates for security reasons.
From your installation, make sure that all components are stopped and that you have the keystore files installed.
From the directory where your Admin scripts are located, enter the following in the command line, followed by the update-store command line parameter:
- Windows: Administration.bat
- UNIX: Administration
The usage section is displayed:
$ ./Administration update-store
usage: Administration updatestore --type <type> --storepath <path> [--storepass <password>]
 -n,--nocheck            don't check store information
 -p,--storepath <arg>    path to the new store
 -s,--storepass <arg>    store password
 -t,--type <arg>         store type to be modified (can be any of ssl_keystore, sso_trustore, selfregistration_truststore)
Specify the location of the keystore file and enter your password.
$ ./Administration update-store --type ssl_keystore --storepath /<path to keystore>/keystore.jks --storepass '<password>'
Writing new configuration
Launching Synchrony Installer initialization in progress
Please verify that the directory "SynchronyInstaller#" has been deleted in the temp directory.
If you entered the wrong password, an error message is displayed as follows:
$ ./Administration update-store --type ssl_keystore --storepath /<path to keystore>/keystore.jks --storepass '<bad password>'
An error occured while changing store
Exception: Could not check source store: Keystore was tampered with, or password was incorrect
Caused by: Keystore was tampered with, or password was incorrect
You can deactivate the password check by adding the --nocheck option. With this option, the store information is not checked.
$ ./Administration update-store --type ssl_keystore --storepath /<path to keystore>/keystore.jks --storepass '<bad password>' --nocheck
After the keystore has been modified, you can confirm the validity dates of the certificate the server presents by running the following openssl command:
openssl s_client -connect host:port 2>/dev/null </dev/null | openssl x509 -noout -dates
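The openssl command above prints a notBefore and a notAfter line. The following script is an added example, not part of the original article or of Axway's tooling, that reads that output and classifies the result, including the case where nothing is printed because the connection failed. The script name check_dates.py, the status names and the 30-day warning threshold are assumptions made for illustration.

```python
"""Check the output of `openssl x509 -noout -dates` (added example)."""
import sys
from datetime import datetime, timedelta, timezone

DATE_FMT = "%b %d %H:%M:%S %Y"  # openssl prints e.g. "Jun  1 12:00:00 2030 GMT"


def parse_dates(text):
    """Return (not_before, not_after) as UTC datetimes, or None if absent."""
    found = {}
    for line in text.splitlines():
        key, sep, value = line.strip().partition("=")
        if sep and key in ("notBefore", "notAfter"):
            # Collapse the padded day ("Jun  1") and drop the trailing "GMT".
            stamp = " ".join(value.split()[:4])
            found[key] = datetime.strptime(stamp, DATE_FMT).replace(tzinfo=timezone.utc)
    if len(found) != 2:
        return None
    return found["notBefore"], found["notAfter"]


def check_validity(text, now=None, warn_days=30):
    """Return NO_CERT, NOT_YET_VALID, EXPIRED, EXPIRING or OK (assumed status names)."""
    now = now or datetime.now(timezone.utc)
    dates = parse_dates(text)
    if dates is None:
        # The page's command discards stderr, so a failed connection
        # shows up only as empty output.
        return "NO_CERT"
    not_before, not_after = dates
    if now < not_before:
        return "NOT_YET_VALID"
    if now > not_after:
        return "EXPIRED"
    if not_after - now < timedelta(days=warn_days):
        return "EXPIRING"
    return "OK"


# Constructed sample of the command's output, not taken from a real server.
SAMPLE = "notBefore=Jan  5 00:00:00 2024 GMT\nnotAfter=Jan  4 23:59:59 2026 GMT\n"

if __name__ == "__main__":
    # Usage: <openssl command from above> | python3 check_dates.py
    data = SAMPLE if sys.stdin.isatty() else sys.stdin.read()
    status = check_validity(data)
    print(status)
    sys.exit(0 if status == "OK" else 1)
```

Piping the openssl command into the script gives a non-zero exit status for anything other than OK, which makes it usable as a post-change check in a script.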
Note: If Administration 4.5 is used, please also read the following article:
https://support.axway.com/kb/176505/language/en