KB Article #180447

How to manually update Integrator certificate after PassPort 2019 certificate renewal ?

Problem

How to manually update Integrator certificate after PassPort 2019 certificate renewal ?

The following Integrator components could use Passport login:

tsclient login
IntegrationServices login (deploy)
Datamapper deploy + simulation from MappingServices
DML deploy from MappingServices

Resolution

Integrator uses the common trusted root, PassportCA to authenticate via Passport. This certificate will expire on November 28, 2019.
Integrator keeps this certificate in two identical java truststores : $CORE_ROOT/extras/PassPort/truststoreIntegrator.jks and $CORE_ROOT/extras/PassPort/truststorePassPort.jks.

These truststores must be updated for Integrator to contain the new PassPort ROOT certificate(passportca.pem).

Stop B2Bi/Integrator
Make a backup of the $CORE_ROOT/extras/PassPort/truststoreIntegrator.jks, $CORE_ROOT/extras/PassPort/truststorePassPort.jks
Replace the files with the content of the truststore.jks found in the attached archive.
mv truststore.jks $CORE_ROOT/extras/PassPort/truststoreIntegrator.jks
mv truststore.jks $CORE_ROOT/extras/PassPort/truststorePassPort.jks
Make a backup of the ssl.jks, KeyPair.ser, csr.id files. Delete them from the $CORE_ROOT/extras/PassPort/ folder.
Start B2Bi/Integrator

PassPort must be upgraded also to SP20.

Note:
$CORE_ROOT/extras/PassPort/truststoreSSO.jks truststore file contains the Passport PassportSSOCA certificate, which will expire August 9, 2019. It can be updated with the new PassportSSOCA certificate present in jks-dist.zip, named ca.crt using keytool command:
keytool -import -file ca.crt -keystore <strong>truststoreSSO</strong>.jks -alias passportssoca -storepass <AnyPassword>

keystore.jks in $CORE_ROOT/extras/PassPort/ also expires on Nov 28 2019.Replace keystore.jks from $CORE_ROOT/extras/PassPort/ with tomcat.jks (renamed as keystore.jks, present in jks-dist.zip).

Problem

Resolution

Still need help?