KB Article #178099
Tomcat certificate expiration (2nd of September)
Context:
The Tomcat sample certificate provided by Axway will expire on the 2nd of September.
Goal:
Provide updated certificates for customers who are still using Axway sample certificates, to avoid issues on production.
Customers impacted:
Customers using Sentinel, AISuite (Interplay, Datastore and Rule Engine Server) or Composer in production with the default Axway sample certificates and SSL/TLS protocols.
Axway products impacted:
Sentinel (4.2.0, 4.1.0, 4.0.1), AISuite (2.2.1, 2.1.0) (Interplay, Datastore and Rule Engine Server)
Impacts:
- Connection to UI in HTTPS
- Deployment issue (AISuite)
- Self-registration with PassPort
Steps:
- Check whether you are using the Axway certificates, and check their expiration date
You can use the keytool.exe provided with our embedded Java.
keytool.exe -v -list -keystore keystore.jks
No password is required
Alias name: tomcat
Creation date: 2 sept. 2014
Entry type: PrivateKeyEntry
Certificate chain length: 3
Certificate[1]:
Owner: CN=Tomcat, O=Axway, C=FR
Issuer: CN=PassPort SSO CA, O=Axway, C=FR
Serial number: 16
Valid from: Tue Sep 02 15:43:00 CEST 2014 until: Fri Sep 02 15:43:00 CEST 2016
Certificate fingerprints:
MD5: CF:70:6E:E0:20:E9:AB:47:EC:97:E2:7D:9E:D4:A3:6B
SHA1: 03:4D:77:15:E5:21:57:59:34:BA:F2:BE:21:94:77:78:D7:69:C3:EB
SHA256: 24:99:69:AF:F8:6D:B1:CD:13:1E:66:9A:D9:6C:A2:95:22:20:C6:9F:F1:DC:9C:60:5E:B7:D9:09:2E:81:86:B1
Signature algorithm name: SHA1withRSA
Version: 3
After the change, you should have this:
Alias name: tomcat
Creation date: 31 mai 2016
Entry type: PrivateKeyEntry
Certificate chain length: 3
Certificate[1]:
Owner: CN=Tomcat, O=Axway, C=FR
Issuer: CN=PassPort SSO CA, O=Axway, C=FR
Serial number: 1d
Valid from: Tue May 31 11:44:00 CEST 2016 until: Thu May 31 11:44:00 CEST 2018
Certificate fingerprints:
MD5: 5D:89:06:85:A0:24:1B:6E:49:3B:81:38:F3:C7:90:1C
SHA1: B4:F3:D8:09:48:33:4F:C0:96:BC:34:30:3B:1B:D5:85:5F:6E:F8:7E
SHA256: 81:2B:39:95:B0:2A:0F:02:19:F6:AC:0B:D8:D4:2B:32:F6:4E:09:E2:15:67:D5:19:34:04:B5:E9:A9:AD:D2:20
Signature algorithm name: SHA256withRSA
Version: 3
- Update the certificates
Updated certificates are provided in Service Packs.
For Sentinel, the updated certificates are included in:
- Sentinel 4.0.1 SP9 (ETA 31/08/2016)
- Sentinel 4.1.0 SP6 (ETA 31/08/2016)
- Sentinel 4.2.0 SP4 (ETA 29/07/2016)
No updated version of the certificates will be included in an AISuite Service Pack.
- Manual replacement:
- Sentinel
- For Sentinel 4.0.1 and 4.1.0, use the procedure described at https://support.axway.com/en/articles/article-details/id/176490/do/search
- For Sentinel 4.2.0, copy the provided jks files into the directory ../<Sentinel>/conf/security
- AISuite (Datastore, Interplay and Rule Engine Server)
- Copy the provided jks files in the following directory:
- For AISuite 2.2.1: ../<AIS>/Tools/config/certs
- For AISuite 2.1.0, you need to use the procedure described at https://support.axway.com/en/articles/article-details/id/176490/do/search but using the attachment provided here.
- Composer
- Replace the file called keystore.jks found under ../<INSTALL>/Common/config/certs with the attached file
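Added example (not part of the original Axway article or of any Axway tooling): a Python script that automates the check from the first step by parsing saved keytool -v -list output and flagging the sample certificate, its remaining validity and a SHA-1 signature. The function names, the 30-day warning window and the choice to ignore the time zone are assumptions; the sample listing reuses the values shown in the first listing above.

```python
import re
from datetime import datetime

SAMPLE_OWNER = "CN=Tomcat, O=Axway, C=FR"            # as listed in this article
SAMPLE_ISSUER = "CN=PassPort SSO CA, O=Axway, C=FR"  # as listed in this article
# Assumption: the zone name (e.g. CEST) is ignored, so expiry is accurate to ~1 day.
UNTIL = re.compile(r"until: \w{3} (\w{3}) (\d{2}) ([\d:]{8}) \S+ (\d{4})")

def parse_entries(text):
    """Split `keytool -v -list` output into one dict per 'Alias name:' entry."""
    entries, cur = [], None
    for line in text.splitlines():
        key, sep, value = line.strip().partition(":")
        if key == "Alias name":
            cur = {"alias": value.strip()}
            entries.append(cur)
        elif cur is None or not sep:
            continue
        elif key in ("Owner", "Issuer", "Signature algorithm name"):
            cur.setdefault(key, value.strip())   # keep Certificate[1], skip the CA chain
        elif key == "Valid from" and "not_after" not in cur and (m := UNTIL.search(line)):
            cur["not_after"] = datetime.strptime(" ".join(m.groups()), "%b %d %H:%M:%S %Y")
    return entries

def audit(text, now, warn_days=30):
    """Return [(alias, [findings])] for every entry in the listing."""
    report = []
    for e in parse_entries(text):
        findings = []
        if e.get("Owner") == SAMPLE_OWNER and e.get("Issuer") == SAMPLE_ISSUER:
            findings.append("Axway sample certificate")
        exp = e.get("not_after")
        if exp is None:
            findings.append("validity not parsed")
        elif exp <= now:
            findings.append("expired")
        elif (exp - now).days < warn_days:
            findings.append("expires in %d days" % (exp - now).days)
        if e.get("Signature algorithm name", "").upper().startswith("SHA1"):
            findings.append("SHA-1 signature")
        report.append((e["alias"], findings))
    return report

# Sample input: the first listing in this article, fingerprints omitted.
SAMPLE = """Alias name: tomcat
Owner: CN=Tomcat, O=Axway, C=FR
Issuer: CN=PassPort SSO CA, O=Axway, C=FR
Valid from: Tue Sep 02 15:43:00 CEST 2014 until: Fri Sep 02 15:43:00 CEST 2016
Signature algorithm name: SHA1withRSA"""
print(audit(SAMPLE, datetime(2016, 8, 15)))
```

To audit a real keystore, redirect the keytool.exe -v -list output to a file and pass its contents to audit() together with datetime.now().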