Having imported a JKS (Java KeyStore) Certificate from a trusted Certificate Authority, when viewing the keystore the following warning is given:
keytool -list -keystore /opt/CA/WorkloadCC/data/config/.keystore
Warning:
The JKS keystore uses a proprietary format. It is recommended to migrate to PKCS12 which is an industry standard format using "keytool -importkeystore -srckeystore /opt/CA/WorkloadCC/data/config/.keystore -destkeystore /opt/CA/WorkloadCC/data/config/.keystore -deststoretype pkcs12".
After running the command advised, checking the keystore again gave no warning message anymore.
However, after restarting WCC, the log in page fails to load.
WCC logs show errors message such as these:
INFO | jvm 1 | 2020/06/30 11:22:58 | 303 | Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
Release : 11.3.6
Component : WORKLOAD CONTROL CENTER
WCC does actually require JKS keys to be imported into the keystore. Support for PKCS12 is planned for a future release.
Restore the keystore to the state prior to converting JKS to PKCS12 or re-import the JKS certificate into the keystore.