ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.
How to verify which DevTest component is using a specific keystore?
Article ID: 129032
CA Application TestService VirtualizationCA Continuous Application Insight (PathFinder)
DevTest environment is configured to use SSL between components. When accessing the DevTest via web browser, Portal and Enterprise Dashboard, we can verify the certificate being used will expire soon. How do we verify which file needs to be replaced and which property file needs to be updated?
All supported DevTest releases.
There are few properties files that can be configured when enabling SSL communication on DevTest environment.
phoenix.properties for Portal, dradis.properties for Enterprise Dashboard, local.properties for Registry and other components, and Standalone.xml for IAM.
If the soon to expire certificate is being verified when accessing the Portal, verify the phoenix.properties to check which keystore is being used with the Portal. If the Enterprise Dashboard is showing the certificate that is about to expire, verify the dradis.properties file...
To verify the expiration date of a key, you will need to list the content or open the keystore. Portecle or KeyStoreExplorer can used to visualize the content of the keystore file. In the command line, you can try to execute the command below:
$JAVA_HOME/bin/keytool -list -v -keystore <path to keystore.jks>
Look for "Entry type: PrivateKeyEntry" and its "Valid from:" line - this last will show the key expiration date. The dates need to match with what you are seeing in the browser for the certificate details. As well as the "Owner: CN" with the "Issued to" and the "Issuer CN" with the "Issued by".
If it matches, you probably found which keystore is being used. Do a search in the properties files for the keystore name and you will find all the properties files that is using this key. Once you have the new key generated, replace the properties that are pointing to the expiring keystore.