KB Article #183078

How to manually update tomcat user certificate in Sentinel?

Problem

How to manually update the default Sentinel user certificate (tomcat in keystore.jks)?


Resolution

The product-delivered tomcat user certificate provided by Axway will expire on the 14th of March 2024.

Below are the steps to manually update the tomcat certificate.

The following solution applies ONLY if you did NOT change the Axway certificates with your own.

Before proceeding to update the certificate, make a backup of the file <install_folder>/Sentinel/conf/security/keystore.jks.

This procedure can be used with all Sentinel versions.


Option 1

Download the keystore_new.jks and rename it to keystore.jks.

Go to <install_folder>/Sentinel/conf/security and overwrite the existing keystore.jks.


Option 2

This option may be needed if the keystore.jks contains other valid certificates that you want to keep (for example, when using SAML SSO). If you are not sure and want to check the certificates in your existing keystore.jks, you can use the command:
keytool -v -list -keystore <install_folder>/Sentinel/conf/security/keystore.jks


To update the certificate, go to <install_folder>/Sentinel/conf/security

Delete the tomcat certificate from keystore.jks present in the installation:
keytool -delete -alias tomcat -keystore <install_folder>/Sentinel/conf/security/keystore.jks

Import the content of the attached keystore_new.jks in the existing keystore.jks:

keytool -importkeystore -srckeystore keystore_new.jks -destkeystore <install_folder>/Sentinel/conf/security/keystore.jks


After updating the certificate, a restart of Sentinel is required for the update to take effect.
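
The script below is an added example, not part of the original article or supplied by Axway. It wraps the Option 2 steps with a timestamped backup and reads the tomcat entry's expiry date before and after the import, so a failed or skipped update is caught before Sentinel is restarted. The function names and the sample listing are assumptions made for this example; keytool is left to prompt for the keystore passwords.

```shell
#!/usr/bin/env bash
# Added example, not Axway-supplied. Assumes keytool prints English labels.

# Constructed sample of `keytool -v -list` output (all values are made up).
SAMPLE_LISTING='Alias name: saml-idp
Entry type: trustedCertEntry
Valid from: Mon Jan 01 00:00:00 UTC 2024 until: Fri Jan 01 00:00:00 UTC 2027

Alias name: tomcat
Entry type: PrivateKeyEntry
Certificate chain length: 2
Certificate[1]:
Valid from: Tue Jan 02 00:00:00 UTC 2024 until: Tue Jan 02 00:00:00 UTC 2029
Certificate[2]:
Valid from: Wed Jan 03 00:00:00 UTC 2024 until: Sat Jan 03 00:00:00 UTC 2032'

# Read `keytool -v -list` output on stdin and print the "until:" date of the
# first (leaf) certificate under the given alias; prints nothing if absent.
cert_expiry_for_alias() {
  awk -v want="$1" '
    /^Alias name: / { alias = substr($0, 13); seen = 0 }
    /^Valid from: / && alias == want && !seen {
      sub(/^.* until: /, ""); print; seen = 1
    }'
}

# Option 2 with a backup first and an expiry check afterwards.
# $1 = <install_folder>/Sentinel/conf/security, $2 = path to keystore_new.jks
update_tomcat_cert() {
  ks="$1/keystore.jks"; new="$2"
  [ -f "$ks" ] && [ -f "$new" ] || { echo "keystore not found" >&2; return 1; }
  cp -p "$ks" "$ks.bak.$(date +%Y%m%d%H%M%S)" || return 1
  before=$(keytool -v -list -keystore "$ks" | cert_expiry_for_alias tomcat)
  echo "tomcat expiry before update: ${before:-<alias not present>}"
  if [ -n "$before" ]; then
    keytool -delete -alias tomcat -keystore "$ks" || return 1
  fi
  keytool -importkeystore -srckeystore "$new" -destkeystore "$ks" || return 1
  after=$(keytool -v -list -keystore "$ks" | cert_expiry_for_alias tomcat)
  echo "tomcat expiry after update:  ${after:-<alias not present>}"
  # Succeed only if a tomcat entry exists and its expiry actually changed.
  [ -n "$after" ] && [ "$after" != "$before" ]
}

# Run the update only when both paths are given on the command line.
if [ "$#" -eq 2 ]; then
  update_tomcat_cert "$1" "$2"
fi
```

Other aliases in the keystore, such as a SAML SSO certificate, are not deleted by this procedure; if the function returns non-zero, restore the timestamped backup before restarting Sentinel.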