KB Article #178204

Updating Axway passportCA and passportSSOCA

Context:

The PassportSSOCA and PassportCA certificates provided by Axway will expire on the 9th of August and the 28th of November, respectively.


There are 3 options to replace both certificates with the new ones provided by Axway:

1. Applying PassPort 4.6.0 SP20 which includes the new certificates

This is the easiest way and the one recommended by Axway.



2. Replacing the jks files ("containers" where the certificates are stored) with the attached jks files

In the jks-dist-SP20.zip archive you will find the jks files that SP20 overwrites, in the exact folder structure found in the installation. Copying these files on top of your PassPort installation folder does exactly what applying SP20 does in terms of certificate renewal.

If you have customized the jks (added another non-Axway certificate), your certificates will be overwritten, so you will need to import them again or use the last procedure (option 3) to manually import the Axway certificates into the jks.



3. Manually replacing the certificates stored in the jks files (not recommended)

First of all, you will need to replace the file …/PassPort/conf/security/passportca.pem with the attached one.

Then, to modify the jks files, you can use the keytool provided in our embedded Java.

The commands are shown for Linux, but they are the same on Windows (use keytool.exe instead of ./keytool).

These are the jks that need to be modified:

    • ssl.jks located in …/PassPort/conf/security
    • sso.jks located in …/PassPort/conf/security
    • truststore.jks located in …/PassPort/conf/security
    • ssofilter.jks located in …/PassPort/webapps/WEB-INF
    • truststore.jks located in …/PassPort/webapps/WEB-INF
    • sso.jks located in …/PassPort/sso/webapps/ROOT
    • truststore.jks located in …/PassPort/sso/webapps/ROOT


  • For ssl.jks (…/PassPort/conf/security)
    • Make a backup of the jks files first
    • Delete the previous certificate from the jks
      • ./keytool -delete -alias passportsecured -keystore <PATH of ssl.jks>
    • Import the updated certificates provided in attachment:
      • ./keytool -importkeystore -srckeystore <PATH of passportsecured.p12> -srcstoretype PKCS12 -destkeystore <PATH of ssl.jks> -deststoretype JKS

Password: axway*


  • For sso.jks (…/PassPort/conf/security)
    • Make a backup of the jks files first
    • Delete the previous certificate from the jks
      • ./keytool -delete -alias passportsso -keystore <PATH of sso.jks>
    • Import the updated certificates provided in attachment:
      • ./keytool -importkeystore -srckeystore <PATH of passportsso.p12> -srcstoretype PKCS12 -destkeystore <PATH of sso.jks> -deststoretype JKS

Password: axway*


  • For truststore.jks (…/PassPort/conf/security)
    • Make a backup of the jks files first
    • Delete the previous certificate from the jks
      • ./keytool -delete -alias passportca -keystore <PATH of truststore.jks>
    • Import the updated certificates provided in attachment:
      • ./keytool -importkeystore -srckeystore <PATH of passportca.p12> -srcstoretype PKCS12 -destkeystore <PATH of truststore.jks> -deststoretype JKS

Password: axway*


  • For ssofilter.jks (…/PassPort/webapps/WEB-INF)
    • Make a backup of the jks files first
    • Delete the previous certificate from the jks
      • ./keytool -delete -alias passportssofilter -keystore <PATH of ssofilter.jks>
    • Import the updated certificates provided in attachment:
      • ./keytool -importkeystore -srckeystore <PATH of passportssofilter.p12> -srcstoretype PKCS12 -destkeystore <PATH of ssofilter.jks> -deststoretype JKS

Password: axway*


  • For truststore.jks (…/PassPort/webapps/WEB-INF)
    • Make a backup of the jks files first
    • Delete the previous certificate from the jks
      • ./keytool -delete -alias passportca -keystore <PATH of truststore.jks>
    • Import the updated certificates provided in attachment:
      • ./keytool -importkeystore -srckeystore <PATH of passportsso.p12> -srcstoretype PKCS12 -destkeystore <PATH of truststore.jks> -deststoretype JKS

Password: axway*


  • For sso.jks (…/PassPort/sso/webapps/ROOT)
    • Make a backup of the jks files first
    • Delete the previous certificate from the jks
      • ./keytool -delete -alias passportsso -keystore <PATH of sso.jks>
    • Import the updated certificates provided in attachment:
      • ./keytool -importkeystore -srckeystore <PATH of passportsso.p12> -srcstoretype PKCS12 -destkeystore <PATH of sso.jks> -deststoretype JKS

Password: axway*


  • For truststore.jks (…/PassPort/sso/webapps/ROOT)
    • Make a backup of the jks files first
    • Delete the previous certificate from the jks
      • ./keytool -delete -alias passportca -keystore <PATH of truststore.jks>
    • Import the updated certificates provided in attachment:
      • ./keytool -importkeystore -srckeystore <PATH of passportca.p12> -srcstoretype PKCS12 -destkeystore <PATH of truststore.jks> -deststoretype JKS

Password: axway*
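
The per-keystore steps above (backup, delete, import) can be wrapped in one function that also restores the backup if a step fails and lists the new entry so its validity dates can be checked. This is an added example, not an Axway script: the names update_jks, run, KEYTOOL and DRY_RUN, the backup file naming and the final -list -v check are assumptions made here.

```shell
#!/bin/sh
# Added example: one keystore update = backup, delete alias, import .p12, verify.
# KEYTOOL and DRY_RUN are assumptions of this sketch, not Axway settings.
KEYTOOL="${KEYTOOL:-./keytool}"
DRY_RUN="${DRY_RUN:-1}"     # 1 = only print the commands; 0 = execute them

run() {
    if [ "$DRY_RUN" = "1" ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# update_jks <keystore.jks> <alias> <new.p12>
update_jks() {
    [ $# -eq 3 ] || { echo "usage: update_jks <jks> <alias> <p12>" >&2; return 2; }
    jks=$1; alias_name=$2; p12=$3
    [ -f "$jks" ] || { echo "keystore not found: $jks" >&2; return 1; }
    [ -f "$p12" ] || { echo "PKCS12 not found: $p12" >&2; return 1; }

    backup="$jks.bak.$(date +%Y%m%d%H%M%S)"
    run cp -p "$jks" "$backup" || return 1
    # No -storepass on the command line: keytool prompts for it, so the
    # password stays out of shell history and the process list.
    if ! run "$KEYTOOL" -delete -alias "$alias_name" -keystore "$jks" ||
       ! run "$KEYTOOL" -importkeystore -srckeystore "$p12" -srcstoretype PKCS12 \
             -destkeystore "$jks" -deststoretype JKS; then
        echo "update failed, restoring $backup" >&2
        run cp -p "$backup" "$jks"
        return 1
    fi
    # Show the entry so the new "Valid from ... until" dates can be checked.
    run "$KEYTOOL" -list -v -alias "$alias_name" -keystore "$jks"
}
```

With DRY_RUN=1 (the default here) the function only prints the four commands it would run; set DRY_RUN=0 and call it once per keystore with that keystore's alias and .p12 file from the list above.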



If you are using passportSSO with other Axway products, please also check KB 180303 for importing the certificate into the SSO registered products.