How to verify which DevTest component is using a specific keystore?
Article ID: 129032
Updated On:
Products
CA Application Test
CA Continuous Application Insight (PathFinder)
Service Virtualization
Issue/Introduction
DevTest environment is configured to use SSL between components.
When accessing the DevTest via web browser, Portal and Enterprise Dashboard, can verify the certificate being used will expire soon.
How to verify which file needs to be replaced and which property file needs to be updated?
Environment
All supported DevTest releases.
Cause
N/A.
Resolution
There are few properties files that can be configured when enabling SSL communication on DevTest environment.
phoenix.properties for Portal,
dradis.properties for Enterprise Dashboard,
local.properties for Registry and other components,
and Standalone.xml for IAM.
dradis.properties for Enterprise Dashboard,
local.properties for Registry and other components,
and Standalone.xml for IAM.
If the soon to expire certificate is being verified when accessing the Portal, verify the phoenix.properties to check which keystore is being used with the Portal. If the Enterprise Dashboard is showing the certificate that is about to expire, verify the dradis.properties file...
To verify the expiration date of a key, you will need to list the content or open the keystore.
To verify the expiration date of a key, you will need to list the content or open the keystore.
In the command line, you can try to execute the command below:
$JAVA_HOME/bin/keytool -list -v -keystore <path to keystore.jks>
Look for "Entry type: PrivateKeyEntry" and its "Valid from:" line - this last will show the key expiration date.
The dates need to match with what you are seeing in the browser for the certificate details. As well as the "Owner: CN" with the "Issued to" and the "Issuer CN" with the "Issued by".
If it matches, you probably found which keystore is being used.
Do a search in the properties files for the keystore name and you will find all the properties files that is using this key.
Once you have the new key generated, replace the properties that are pointing to the expiring keystore.
Attachments
Feedback
Was this article helpful?
Yes
No
Powered by
