Use of third party certificate in TDM portal not working
Article ID: 235439

Products

CA Test Data Manager (Data Finder / Grid Tools)

Issue/Introduction

The self-signed certificate was replaced with a third-party certificate (Sectigo) by following the instructions in the documentation below.

https://techdocs.broadcom.com/us/en/ca-enterprise-software/devops/test-data-management/4-9/installing/manage-certificates/use-a-certificate-from-a-third-party-certificate-authority.html

After completing the steps, the portal UI does not come up. The startup.log shows the exception below.

SEVERE: Failed to initialize component [Connector[HTTP/1.1-8443]]
FINEST|9948/0|22-02-14 17:21:32|org.apache.catalina.LifecycleException: Protocol handler initialization failed

Caused by: java.lang.IllegalArgumentException: Alias name [TestDataManager] does not identify a key entry

Caused by: java.io.IOException: Alias name [TestDataManager] does not identify a key entry

Environment

Release : 4.9

Component : TDM Web Portal

Cause

This issue happens when the keystore in use does not include the key pair (private key entry) created for the TDM Server and holds only the public key certificates of the server and the intermediate and root CAs.

Resolution

The issue was resolved by following the steps below.

- Regenerated the private key (.pem) and certificate signing request (CSR). Make sure that the option used here asks for or includes the password for the private key.

- Sent the CSR for signing and got the TDM server certificate (.cer) that contains the complete chain of server, intermediate and root CA public keys.

- Created a key pair (.pfx) file by importing the private key (.pem) into the server certificate (.cer).

openssl pkcs12 -inkey privateKey.pem -in serverCertChain.cer -export -out keypair.pfx

- Created a keystore (.jks), imported the key pair (.pfx) into it, and gave the key an alias.

- Updated the TDM Portal application properties file to reflect the correct/latest keystore file, password and alias.
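
A quick check for the condition behind the exception above, added here as an example and not part of the original article or of Broadcom's tooling: it reads the text printed by `keytool -list` and reports whether the connector alias is a PrivateKeyEntry (usable by the connector) or only a trustedCertEntry (the failing case). The sample listings are constructed and the function names are hypothetical.

```bash
#!/usr/bin/env bash
# Added example: does the connector alias in a keystore hold a private key?
# Input is the text printed by `keytool -list -keystore <file>`.

# Constructed sample: the failing keystore (certificates only, no private key).
SAMPLE_BAD='Your keystore contains 2 entries

testdatamanager, Feb 14, 2022, trustedCertEntry,
Certificate fingerprint (SHA-256): 00:11:22
rootca, Feb 14, 2022, trustedCertEntry,
Certificate fingerprint (SHA-256): 33:44:55'

# Constructed sample: the keystore after importing keypair.pfx.
SAMPLE_GOOD='Your keystore contains 1 entry

testdatamanager, Feb 14, 2022, PrivateKeyEntry,
Certificate fingerprint (SHA-256): 00:11:22'

# alias_entry_type ALIAS   (reads `keytool -list` output on stdin)
# Prints PrivateKeyEntry, trustedCertEntry, or missing.
# JKS aliases are case-insensitive and listed in lower case, so the
# comparison lower-cases both sides.
alias_entry_type() {
  awk -v want="$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')" '
    BEGIN { type = "missing" }
    index(tolower($0), want ", ") == 1 {
      if ($0 ~ /PrivateKeyEntry/)       type = "PrivateKeyEntry"
      else if ($0 ~ /trustedCertEntry/) type = "trustedCertEntry"
    }
    END { print type }'
}

# connector_alias_ok ALIAS: exit status 0 only if the alias is a key entry.
connector_alias_ok() {
  [ "$(alias_entry_type "$1")" = "PrivateKeyEntry" ]
}

# check_keystore FILE ALIAS: run keytool on a real keystore.
check_keystore() {
  keytool -list -keystore "$1" | connector_alias_ok "$2"
}

# Optional real run: ./check_alias.sh keystore.jks TestDataManager
if [ "$#" -eq 2 ]; then
  check_keystore "$1" "$2" && echo "OK: key entry" || echo "FAIL: no key entry"
fi
```

A trustedCertEntry or missing result for the alias configured in the portal properties corresponds to the "does not identify a key entry" exception in startup.log.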