How to verify which DevTest component is using a specific keystore?

book

Article ID: 129032

calendar_today

Updated On:

Products

CA Application Test Service Virtualization CA Continuous Application Insight (PathFinder) CA Service Virtualization (DevTest / LISA / VSE / Application Test)

Issue/Introduction



DevTest environment is configured to use SSL between components.
When accessing the DevTest via web browser, Portal and Enterprise Dashboard, we can verify the certificate being used will expire soon.
How do we verify which file needs to be replaced and which property file needs to be updated?

Environment

All supported DevTest releases.

Resolution

There are few properties files that can be configured when enabling SSL communication on DevTest environment.
phoenix.properties for Portal,
dradis.properties for Enterprise Dashboard,
local.properties for Registry and other components,
and Standalone.xml for IAM.

If the soon to expire certificate is being verified when accessing the Portal, verify the phoenix.properties to check which keystore is being used with the Portal. If the Enterprise Dashboard is showing the certificate that is about to expire, verify the dradis.properties file...

To verify the expiration date of a key, you will need to list the content or open the keystore.
Portecle or KeyStoreExplorer can used to visualize the content of the keystore file.
In the command line, you can try to execute the command below:
$JAVA_HOME/bin/keytool -list -v -keystore <path to keystore.jks>

Look for "Entry type: PrivateKeyEntry" and its "Valid from:" line - this last will show the key expiration date.
The dates need to match with what you are seeing in the browser for the certificate details. As well as the "Owner: CN" with the "Issued to" and the "Issuer CN" with the "Issued by".

<Please see attached file for image>

User-added image

<Please see attached file for image>

User-added image

If it matches, you probably found which keystore is being used.
Do a search in the properties files for the keystore name and you will find all the properties files that is using this key.
Once you have the new key generated, replace the properties that are pointing to the expiring keystore.

Attachments

1558688991699000129032_sktwi1f5rjvs16fsv.png get_app
1558688988912000129032_sktwi1f5rjvs16fsu.png get_app