The following instructions describe how to read the certificate information stored in the default self-signed certificate that PAM initially deploys for an SSL-configured environment. This information can help when setting up SSL with a third-party certificate.
Release : 4.3.5 and higher
CA Process Automation
To acquire information about the self-signed certificate, you will need to run the keytool command. The following is an example of how to achieve this:
- Locate a keytool.exe binary. This binary can be found in any JRE or JDK implementation. In our example, one was found in "C:\Program Files\Java\jre1.8.0_201\bin\"
- Access the DOMAINID value in the OasisConfig.properties file. In our example, the OasisConfig.properties file is located in "C:\Program Files\CA\PAM\wildfly\standalone\.config\" and has this value:
DOMAINID=faaaad-496f-4584-976f-c41aaaa99ff
- Open an Admin Command Prompt on the PAM Server.
- cd to the keystore location. In our example, the Keystore file name is "c2okeystore" and is located in "C:\Program Files\CA\PAM\wildfly\standalone\.config".
- Run the command:
"C:\Program Files\Java\jre1.8.0_201\bin\keytool.exe" -list -v -keystore c2okeystore
- You will be prompted for a keystore password. Enter the above DOMAINID value, i.e. faaaad-496f-4584-976f-c41aaaa99ff (you can paste this value using the Admin Command Prompt menu options).
You should get an output similar to this:
Keystore type: jks
Keystore provider: SUN
Your keystore contains 1 entry
Alias name: itpam
Creation date: Oct 19, 2022
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=CA
Issuer: CN=CA
Serial number: 183f068ad2e
Valid from: Tue Oct 18 13:22:15 UTC 2022 until: Wed Nov 04 13:22:15 UTC 2122
Certificate fingerprints:
MD5: C9:EE:94:15:AC:5A:72:3F:E2:EA:81:F0:F1:F4:4C:A5
SHA1: 01:BA:36:0B:CA:92:8E:4D:3E:5D:4D:2B:08:37:3F:CC:E2:35:66:7B
SHA256: E6:9D:78:A8:72:3D:D8:A5:BD:6F:4C:EC:67:BB:D7:1C:C7:B0:5B:06:92:6A:F9:54:6F:7A:D5:6C:7A:AB:E1:18
Signature algorithm name: SHA1withRSA
Subject Public Key Algorithm: 1024-bit RSA key
Version: 1
*******************************************
*******************************************
Warning:
The JKS keystore uses a proprietary format. It is recommended to migrate to PKCS12 which is an industry standard format using "keytool -importkeystore -srckeystore c2okeystore -destkeystore c2okeystore -deststoretype pkcs12".
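When planning the move to a third-party certificate, it helps to pull the key facts out of this output automatically. The Python script below is an added example, not part of the original article or of the product's tooling; it parses saved "keytool -list -v" output and notes the properties of the default entry that a replacement certificate would normally change. The function names parse_entry and review are hypothetical, and the sample text is the example output shown above with the fingerprint lines omitted.

```python
import re

# Example "keytool -list -v" output from this page (fingerprint lines omitted).
SAMPLE = """\
Alias name: itpam
Creation date: Oct 19, 2022
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=CA
Issuer: CN=CA
Serial number: 183f068ad2e
Valid from: Tue Oct 18 13:22:15 UTC 2022 until: Wed Nov 04 13:22:15 UTC 2122
Signature algorithm name: SHA1withRSA
Subject Public Key Algorithm: 1024-bit RSA key
Version: 1
"""

# One regular expression per field of interest, matched line by line.
PATTERNS = {
    "alias": r"^Alias name:\s*(.+)$",
    "owner": r"^Owner:\s*(.+)$",
    "issuer": r"^Issuer:\s*(.+)$",
    "sig_alg": r"^Signature algorithm name:\s*(\S+)",
    "key_bits": r"^Subject Public Key Algorithm:\s*(\d+)-bit",
    "key_alg": r"^Subject Public Key Algorithm:\s*\d+-bit\s+(\S+)",
}

def parse_entry(text):
    """Return the fields of the first keystore entry found in the text."""
    cert = {}
    for name, pattern in PATTERNS.items():
        match = re.search(pattern, text, re.MULTILINE)
        if match:
            cert[name] = match.group(1).strip()  # strip() also drops a trailing \r
    return cert

def review(cert):
    """List properties worth noting before replacing the certificate."""
    notes = []
    if cert.get("owner") and cert["owner"] == cert.get("issuer"):
        notes.append("self-signed (Owner equals Issuer)")
    if cert.get("sig_alg", "").upper().startswith(("SHA1", "MD5", "MD2")):
        notes.append("signature uses deprecated hash: " + cert["sig_alg"])
    if cert.get("key_alg") == "RSA" and int(cert.get("key_bits", 0)) < 2048:
        notes.append("RSA key shorter than 2048 bits: " + cert["key_bits"])
    return notes

if __name__ == "__main__":
    for note in review(parse_entry(SAMPLE)):
        print("NOTE:", note)
```

To use it on a real server, redirect the keytool output to a file and pass the file's contents to parse_entry instead of SAMPLE.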