Failed to import certificate into the keystore error when configuring TLS on CA Virtual Network Assurance gateway.

Article ID: 385622


Products

Network Observability Virtual Network Assurance

Issue/Introduction

An error occurs when configuring TLS on the CA Virtual Network Assurance gateway while using a JDK that is not provided by the OS.


 ./configure_ssl_vna.sh -p mypassword
Creating keystore in wildfly for importing certificate...
Info: Successfully created keystore in Wildfly.
Info: Certificate import started.
Starting to import certificate
1) Import Self Signed Certificate
2) Import CA signed Certificate
Enter the number for the choice:1
Specify the hostname or IP addresses list to be protected by SSL Certificate (Comma Seperated).
vnaserver.example.com
What is the alias name for the certificate? (default alias is cavna)>

What is the name of your organizational unit? (default org unit is BroadcomSoftware)>

What is the name of your organization? (default org name is Broadcom)>

What is the name of your City or Locality? (default city is None)>

What is the name of your State or Province? (default state is None)>

What is the two-letter country code for this unit? (default countrycode is None)>

CN=vnaserver.example.com, OU=BroadcomSoftware, O=Broadcom, L=None, ST=None, C=None
Error: Failed to import certificate into the keystore configured at /opt/CA/VNA/wildfly/standalone/configuration/keystore.jks.


The update-alternatives command was used to set the custom Java as the default.

Environment

DX NetOps Virtual Network Assurance 24.3.2 and earlier

Cause

keytool is not found in the $PATH

Resolution

DX NetOps Virtual Network Assurance 24.3.3 and later has been updated to look for keytool in the same location as the configured java.

For versions prior to this, make sure that keytool is in your path.

One way of achieving this is to add keytool to the alternatives system:

update-alternatives --install "/usr/bin/keytool" "keytool" "/<path_to_>/keytool" 1
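
A pre-flight check along these lines can be run before configure_ssl_vna.sh to confirm that keytool is on the PATH and comes from the same JDK as the default java. This is an added example, not part of the product or the original article; the function names and return codes are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: pre-flight check to run before configure_ssl_vna.sh.

# Print the real file behind NAME as found on $PATH, following the symlinks
# that update-alternatives creates. Returns 1 if NAME is not on $PATH.
resolve_bin() {
    found=$(command -v "$1" 2>/dev/null) || return 1
    readlink -f "$found"
}

# Return codes (chosen for this example):
#   0  keytool on $PATH is the one shipped beside the default java
#   1  keytool is not on $PATH (the cause described in this article)
#   2  java is not on $PATH
#   3  keytool on $PATH belongs to a different Java installation
check_keytool() {
    java_real=$(resolve_bin java) || { echo "java not found in \$PATH"; return 2; }
    # keytool normally sits in the same bin directory as java.
    expected="${java_real%/*}/keytool"
    if ! keytool_real=$(resolve_bin keytool); then
        echo "keytool not found in \$PATH; register it with:"
        echo "  update-alternatives --install \"/usr/bin/keytool\" \"keytool\" \"$expected\" 1"
        return 1
    fi
    if [ "$keytool_real" != "$expected" ]; then
        echo "keytool resolves to $keytool_real, but java is $java_real"
        return 3
    fi
    echo "OK: java and keytool both come from ${java_real%/*}"
}

# Usage: check_keytool || exit 1
```

A return code of 3 means the keystore would be created by a different Java installation than the one running WildFly, which is worth correcting before importing a certificate.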
 

Additional Information

When using the OS-provided Java, several Java components, such as keytool, change along with it when the default java is updated.