KB Article #180315
How to manually update certificates in Sentinel after PassPort 2019 certificate renewal?
Problem
How to manually update the Sentinel certificates used for AM or SSO after the PassPort 2019 certificate renewal?
Resolution
The default Axway certificates can be renewed via 4.2.0 SP 16; the manual procedure below is an alternative.
This procedure can be used with all Sentinel versions.
Option 1
Go to <install_folder>/Sentinel/conf/security and overwrite the existing keystore.jks, truststoreSSO.jks and truststorePassport.jks with the attached replacements: keystore.jks, truststoreSSO.jks and truststorePassport.jks
Option 2
This option may be needed if you have other valid certificates in the truststores that you want to keep (for example, when using CG).
- Go to <install_folder>/Sentinel/conf/security
- Delete the tomcat certificate from keystore.jks present in the installation: keytool -delete -alias tomcat -keystore keystore.jks
- Import the content of the attached keystore_new.jks into the existing keystore.jks: keytool -importkeystore -srckeystore keystore_new.jks -destkeystore keystore.jks
- Import the attached passportca.crt in the truststoreSSO.jks and truststorePassport.jks files present in the installation:
  Example: keytool -importcert -file passportca.crt -keystore truststoreSSO.jks -alias passport
  (repeat the command with truststorePassport.jks)
For version 4.1.0 or older the steps are the same, only that the jks files are found in path <install_folder>/Common/config/certs instead of <install_folder>/Sentinel/conf/security.
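Option 2 as a script, added here as an example and not part of Axway's article or tooling: it backs up the three stores, displays passportca.crt for review, runs the steps above and lists the results. The function names, the DRY_RUN switch and the .bak suffix are assumptions of this example; keytool prompts for the store passwords and for confirmation before trusting the CA.

```shell
#!/bin/sh
# Added example: the Option 2 steps with backups and a final listing.
# DRY_RUN=1 prints the commands instead of running them.

# Run a command, or only print it when DRY_RUN=1.
run() {
    if [ "${DRY_RUN:-0}" = "1" ]; then echo "$*"; else "$@"; fi
}

# $1 = directory holding the installed .jks files
# $2 = directory holding the attached keystore_new.jks and passportca.crt
update_sentinel_stores() {
    sec_dir=$1; att_dir=$2; stamp=$(date +%Y%m%d%H%M%S)

    # Refuse to start unless every input file is present.
    for f in "$sec_dir/keystore.jks" "$sec_dir/truststoreSSO.jks" \
             "$sec_dir/truststorePassport.jks" \
             "$att_dir/keystore_new.jks" "$att_dir/passportca.crt"; do
        [ -f "$f" ] || { echo "missing: $f" >&2; return 1; }
    done

    # Keep a copy of each store so the change can be rolled back.
    for s in keystore.jks truststoreSSO.jks truststorePassport.jks; do
        run cp -p "$sec_dir/$s" "$sec_dir/$s.bak.$stamp" || return 1
    done

    # Show subject, validity and fingerprints of the CA before trusting it.
    run keytool -printcert -file "$att_dir/passportca.crt" || return 1

    # Replace the tomcat entry in the existing keystore.
    run keytool -delete -alias tomcat -keystore "$sec_dir/keystore.jks" || return 1
    run keytool -importkeystore -srckeystore "$att_dir/keystore_new.jks" \
        -destkeystore "$sec_dir/keystore.jks" || return 1

    # Add the PassPort CA to both truststores; other entries stay in place.
    for t in truststoreSSO.jks truststorePassport.jks; do
        run keytool -importcert -file "$att_dir/passportca.crt" \
            -keystore "$sec_dir/$t" -alias passport || return 1
    done

    # List the results for review.
    run keytool -list -keystore "$sec_dir/keystore.jks" || return 1
    for t in truststoreSSO.jks truststorePassport.jks; do
        run keytool -list -alias passport -keystore "$sec_dir/$t" || return 1
    done
}
```

Call it as update_sentinel_stores <install_folder>/Sentinel/conf/security <folder with the attachments>; for version 4.1.0 or older pass <install_folder>/Common/config/certs as the first argument.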
Related articles:
https://support.axway.com/kb/180293/language/en
https://support.axway.com/kb/180303/language/en