KB Article #180325

How to manually update Electronic Signature certificates after PassPort 2019 certificate renewal ?​

Problem


How to manually update Electronic Signature certificates after PassPort 2019 certificate renewal ?



Resolution

Here are the steps required to upgrade the PassPort root certificate and was qualified on Electronic Signature 2.11.

On the Electronic Signature side:

  1. Stop Electronic Signature.

On the PassPort side:

  1. Stop PassPort.
  2. Upgrade PassPort to 4.6.0 SP19.
  3. Restart PassPort.

On the Electronic Signature side:

  1. Back up the folder /data/conf/passport
  2. Inside this folder, rename the certificate in passport_trustore.jks, alias passportca to any other alias
    You can use any tool, such as keytool: keytool -changealias -alias "passportca" -destalias "passportca1" -keystore passport_truststore.jks -storepass <AnyPassword>
  3. Import the new certificate (provided below) under the alias passportca to data/conf/passport/passport_truststore.jks and trust it. DO NOT REMOVE OTHER ALIASES
    For example: keytool -import -file newCert.cer -keystore passport_truststore.jks -alias passportca -storepass <AnyPassword>
-----BEGIN CERTIFICATE-----
MIIDmDCCAoCgAwIBAgIIMJ2Psp+51uYwDQYJKoZIhvcNAQELBQAwUjELMAkGA1UE
BhMCUk8xEjAQBgNVBAcTCUJ1Y2hhcmVzdDEOMAwGA1UEChMFQXh3YXkxDDAKBgNV
BAsMA1ImRDERMA8GA1UEAxMIUGFzc1BvcnQwHhcNMTkwMzE0MDAwMDAwWhcNMjkw
MzEzMjM1OTU5WjBSMQswCQYDVQQGEwJSTzESMBAGA1UEBxMJQnVjaGFyZXN0MQ4w
DAYDVQQKEwVBeHdheTEMMAoGA1UECwwDUiZEMREwDwYDVQQDEwhQYXNzUG9ydDCC
ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANH0Q/N+lvc9YZrgzPdHInDJ
2YrW04u6LywN7M0uGTp/V2h83bZwyGfm0gNq2esfGFzqs4WMM3AYvv32jVLL/1er
HmWCZIsbVED0iFSzcEqZAMcqp8GXR9t1xjNTt9uRSgx2mBHK+SrvqkPY5tKjx/72
qBG4TZSSWDXXhvSSkRKM+QbWiiUZ4e5ikrfdCctQy8BqpHeWNys+vYMpAjhB0SvY
OBbjCdPwPG3QRBiaWfM9pKPyWMWz2ZxtOyCwNdBEtMoPi4KBExTvdPeGajz+2DdF
j0acBeXQyN7es0m73qMGycJw+1Q9INVblKSD1WbCLZN6k4uuiHv/CiqC4fRoyVUC
AwEAAaNyMHAwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQU4OE1fuCA7b/nP9CL
uKP/XAlWXZEwCwYDVR0PBAQDAgEGMBEGCWCGSAGG+EIBAQQEAwIABzAeBglghkgB
hvhCAQ0EERYPeGNhIGNlcnRpZmljYXRlMA0GCSqGSIb3DQEBCwUAA4IBAQBp+A29
hN9plFaW1vW84Sv/HBcBOUGBkoskpjTz4XLkgP+rHUSR8hokhbdy/AtcwjIZWIv/
41GzDAiFdkl2nvdf/TiMofCLXaRqF6VTlg2jIbwWApSOZngutzMJ4yu89i9nFxv1
EulvRFecmpy9a2RO1ID0XPocUH0a/5tp8jm2qFepPA4XgTsX+tdfoP/NIeXOgHlD
z/oCL10YDIKxmAbo9fzTHku8uldjXQQJJPflGhhIEp+Yad92HzNmTCC/LxZmODmR
k/2ipaNcr59ltmd6HsfwbRwBKmU5+XhLTp1N9hn63yJoXN9AeWcoF3DiqImr/F0z
eCSB3mLAth1tVI32
-----END CERTIFICATE-----

4. Restart Electronic Signature

Note: If any inconsistency occurs between PassPort and Electronic Signature, you may experience a message similar to:

Caused by: com.axway.passport.api.network.NetworkException: org.apache.http.conn.HttpHostConnectException: Connect to <host> [<host>/<IP>, <Host>/IP, <host>/fe80:0:0:0:5562:e1:9e55:cf27%13, <host>/fe80:0:0:0:1d8e:8b22:707f:d8%2] failed: Connection refused: connect
at com.axway.passport.am.api.v2.network.NetworkHandler.sendData(NetworkHandler.java:109

In this case, make sure that PassPort is updated to version 4.6.0 SP19 (or later).


Related articles
https://support.axway.com/kb/180293/language/en
https://support.axway.com/kb/180303/language/en