search cancel

Does Access Gateway support PKCS12 key store type?

book

Article ID: 239332

calendar_today

Updated On:

Products

SITEMINDER CA Single Sign On Secure Proxy Server (SiteMinder)

Issue/Introduction

Does the Access Gateway support the PKCS12 key store type, which is default with the JDK 11 version?

Cause

Keytool defaults to creating JKS format, thus the -storetype option needs to be used when creating a Tomcat keystore for enabling SSL on Access Gateway 12.8.6.

Environment

Release : 12.8.06

Component : SITEMINDER SECURE PROXY SERVER; Access Gateway

Resolution

The 12.8.06 version of Access Gateway supports JDK 11 but the default PKCS12 key store format (JKS format) is not supported with this version of Access Gateway.  You need to create a key store that supports JCEKS for enabling SSL on Tomcat for Access Gateway 12.8.6. You need to run the following command to create a JCEKS key store:

keytool -genkeypair -keysize numbits -keyalg RSA -alias tomcat -storetype JCEKS -keystore tomcat.keystore

Additional Information

Here is the documentation link for enabling SSL on Tomcat for the Access Gateway:

https://techdocs.broadcom.com/us/en/symantec-security-software/identity-security/siteminder/12-8/configuring/access-gateway-configuration/configuring-ssl-for-access-gateway/configuring-ssl-on-tomcat-application-server-manually.html