We are having difficulty importing the Certificate required to setup SSL in OneClick. We have tried a few formats and it is failing. When we issue this import command:
./keytool -import -alias tomcatssl -keystore $SPECROOT/custom/keystore/cacerts -trustcacerts -file certificate.p7b
We receive the following error:
Certificate reply does not contain public key for tomcatssl
We reviewed the cacerts keystore to verify there is a valid entry for alias tomcatssl:
./keytool -list -v -keystore $SPECROOT/custom/keystore/cacerts > cacerts_keystore.OUT
Release : 20.2
Component : Spectrum Core / SpectroSERVER
The order of the certs in the certificate were incorrect.
We needed to have the Certificate Authority (CA) regenerated the p7b certificate file specifying root first, then intermediate, then entity. They had initially generated it as entity, intermediate, and root which does not work.