KB Article #180325
How to manually update Electronic Signature certificates after PassPort 2019 certificate renewal ?
Problem
How to manually update Electronic Signature certificates after PassPort 2019 certificate renewal ?
Resolution
Here are the steps required to upgrade the PassPort root certificate and was qualified on Electronic Signature 2.11.
On the Electronic Signature side:
- Stop Electronic Signature.
On the PassPort side:
- Stop PassPort.
- Upgrade PassPort to 4.6.0 SP19.
- Restart PassPort.
On the Electronic Signature side:
- Back up the folder
/data/conf/passport
- Inside this folder, rename the certificate in
passport_trustore.jks
, alias passportca to any other alias
You can use any tool, such as keytool:keytool -changealias -alias "passportca" -destalias "passportca1" -keystore passport_truststore.jks -storepass <AnyPassword>
- Import the new certificate (provided below) under the alias passportca to
data/conf/passport/passport_truststore.jks
and trust it. DO NOT REMOVE OTHER ALIASES
For example:keytool -import -file newCert.cer -keystore passport_truststore.jks -alias passportca -storepass <AnyPassword>
-----BEGIN CERTIFICATE-----
MIIDmDCCAoCgAwIBAgIIMJ2Psp+51uYwDQYJKoZIhvcNAQELBQAwUjELMAkGA1UE
BhMCUk8xEjAQBgNVBAcTCUJ1Y2hhcmVzdDEOMAwGA1UEChMFQXh3YXkxDDAKBgNV
BAsMA1ImRDERMA8GA1UEAxMIUGFzc1BvcnQwHhcNMTkwMzE0MDAwMDAwWhcNMjkw
MzEzMjM1OTU5WjBSMQswCQYDVQQGEwJSTzESMBAGA1UEBxMJQnVjaGFyZXN0MQ4w
DAYDVQQKEwVBeHdheTEMMAoGA1UECwwDUiZEMREwDwYDVQQDEwhQYXNzUG9ydDCC
ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANH0Q/N+lvc9YZrgzPdHInDJ
2YrW04u6LywN7M0uGTp/V2h83bZwyGfm0gNq2esfGFzqs4WMM3AYvv32jVLL/1er
HmWCZIsbVED0iFSzcEqZAMcqp8GXR9t1xjNTt9uRSgx2mBHK+SrvqkPY5tKjx/72
qBG4TZSSWDXXhvSSkRKM+QbWiiUZ4e5ikrfdCctQy8BqpHeWNys+vYMpAjhB0SvY
OBbjCdPwPG3QRBiaWfM9pKPyWMWz2ZxtOyCwNdBEtMoPi4KBExTvdPeGajz+2DdF
j0acBeXQyN7es0m73qMGycJw+1Q9INVblKSD1WbCLZN6k4uuiHv/CiqC4fRoyVUC
AwEAAaNyMHAwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQU4OE1fuCA7b/nP9CL
uKP/XAlWXZEwCwYDVR0PBAQDAgEGMBEGCWCGSAGG+EIBAQQEAwIABzAeBglghkgB
hvhCAQ0EERYPeGNhIGNlcnRpZmljYXRlMA0GCSqGSIb3DQEBCwUAA4IBAQBp+A29
hN9plFaW1vW84Sv/HBcBOUGBkoskpjTz4XLkgP+rHUSR8hokhbdy/AtcwjIZWIv/
41GzDAiFdkl2nvdf/TiMofCLXaRqF6VTlg2jIbwWApSOZngutzMJ4yu89i9nFxv1
EulvRFecmpy9a2RO1ID0XPocUH0a/5tp8jm2qFepPA4XgTsX+tdfoP/NIeXOgHlD
z/oCL10YDIKxmAbo9fzTHku8uldjXQQJJPflGhhIEp+Yad92HzNmTCC/LxZmODmR
k/2ipaNcr59ltmd6HsfwbRwBKmU5+XhLTp1N9hn63yJoXN9AeWcoF3DiqImr/F0z
eCSB3mLAth1tVI32
-----END CERTIFICATE-----
4. Restart Electronic Signature
Note: If any inconsistency occurs between PassPort and Electronic Signature, you may experience a message similar to:
Caused
by: com.axway.passport.api.network.NetworkException:
org.apache.http.conn.HttpHostConnectException: Connect to <host>
[<host>/<IP>, <Host>/IP,
<host>/fe80:0:0:0:5562:e1:9e55:cf27%13,
<host>/fe80:0:0:0:1d8e:8b22:707f:d8%2] failed: Connection refused:
connect
at com.axway.passport.am.api.v2.network.NetworkHandler.sendData(NetworkHandler.java:109
In this case, make sure that PassPort is updated to version 4.6.0 SP19 (or later).
Related articles
https://support.axway.com/kb/180293/language/en
https://support.axway.com/kb/180303/language/en