KB Article #180315

How to manually update certificates in Sentinel after PassPort 2019 certificate renewal?

Problem

How do you manually update the Sentinel certificates used for AM or SSO after the PassPort 2019 certificate renewal?

Resolution

The default Axway certificates can be renewed via 4.2.0 SP 16; the manual procedure below is an alternative.

This procedure can be used with all Sentinel versions.


Option 1
Go to <install_folder>/Sentinel/conf/security and overwrite the existing keystore.jks, truststoreSSO.jks and truststorePassport.jks with the attached files of the same names: keystore.jks, truststoreSSO.jks and truststorePassport.jks

Option 2
This option may be needed if the truststores contain other valid certificates that you want to keep (for example, when using CG).

  1. Go to <install_folder>/Sentinel/conf/security
  2. Delete the tomcat certificate from keystore.jks present in the installation: keytool -delete -alias tomcat -keystore keystore.jks
  3. Import the content of the attached keystore_new.jks in the existing keystore.jks: keytool.exe -importkeystore -srckeystore keystore_new.jks -destkeystore keystore.jks
  4. Import the attached passportca.crt in the truststoreSSO.jks and truststorePassport.jks files present in the installation:

Example: keytool -importcert -file passportca.crt -keystore truststoreSSO.jks -alias passport

For version 4.1.0 or older the steps are the same, except that the jks files are located in <install_folder>/Common/config/certs instead of <install_folder>/Sentinel/conf/security.
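
Added example, not part of the Axway article: a shell helper that backs up the three stores before Option 2 changes them and afterwards confirms that the expected aliases are present. The function names and the STOREPASS environment variable are hypothetical, and it is assumed that keystore_new.jks brings back an entry under the alias tomcat.

```sh
#!/bin/sh
# Added example: backup and post-change check for the Option 2 procedure.
# Assumptions: STOREPASS (environment variable) holds the store password;
# the function names are illustrative and not part of any Axway tooling.

STORES="keystore.jks truststoreSSO.jks truststorePassport.jks"

# backup_stores DIR: copy each store to DIR/backup-<timestamp>/ and print
# that path. Fails without touching the originals if a store is missing.
backup_stores() {
    dir=$1
    dest="$dir/backup-$(date +%Y%m%d%H%M%S)"
    mkdir -p "$dest" || return 1
    for f in $STORES; do
        [ -f "$dir/$f" ] || { echo "missing $dir/$f" >&2; return 1; }
        cp -p "$dir/$f" "$dest/$f" || return 1
    done
    echo "$dest"
}

# has_alias ALIAS: read `keytool -list -v` output on stdin and succeed only
# if one "Alias name:" line matches ALIAS exactly.
has_alias() {
    want=$1
    awk -v want="$want" '
        /^Alias name: / {
            sub(/^Alias name: /, ""); sub(/\r$/, "")
            if ($0 == want) found = 1
        }
        END { exit (found ? 0 : 1) }'
}

# verify_store FILE ALIAS: list FILE with keytool and check ALIAS exists.
# -storepass:env reads the password from the named environment variable,
# so it does not appear on the command line.
verify_store() {
    keytool -list -v -keystore "$1" -storepass:env STOREPASS | has_alias "$2"
}

# Usage, run from the directory that holds the jks files:
#   backup_stores .                                 (before step 2)
#   verify_store keystore.jks tomcat                (after step 3)
#   verify_store truststoreSSO.jks passport         (after step 4)
#   verify_store truststorePassport.jks passport    (after step 4)
```

If a check fails, the copies in the backup directory can be put back over the modified stores.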


Related articles:

https://support.axway.com/kb/180293/language/en
https://support.axway.com/kb/180303/language/en