Knowledge Document: How to update the Vibe .keystore file with new unexpired commercial certificate information

Environment
  SLES 12
  SLES 15

Situation
My commercial certificate used for Vibe is either expired or soon to expire. How can I update the commercial certificate information?

Cause
  n/a

Resolution

NOTE:  Before updating any Vibe server with this procedure, make a snapshot backup of the Vibe server if it is virtualized, just in case.  If it is “bare metal”, then at least back up the /opt/novell/teaming/apache-tomcat/conf/ directory before making any changes.  READ this document completely before implementing it.

Updating Public Cert for Vibe

Note: 
It is assumed that you have placed a copy of the new commercial certificate files, obtained from your commercial “Certificate Authority”, on your Linux Vibe server in the /root/Documents/certs/ directory.  The directory should contain the new SERVER certificate file (in this document’s example, “server.crt”), the Intermediate certificate file (“intermediate.crt”), and the Private Key file (“private.key”).  Substitute your names as needed.

Note:
If this procedure is not done correctly, or if you used another procedure, there is a chance the Vibe server process will not start OR it will start but when you go to a browser and try to go to the Vibe website, you will not be able to reach a Vibe login page.

Vibe can use a pkcs#12 file to import into a .keystore. The following steps allow you to convert the components of a standard or wildcard Certificate appropriately, and then put it in place on the Vibe Server.

Steps to Follow :

  1.  In this document’s example, at the Linux Vibe server, as “root”, cd to /root/Documents/certs.

  2.  Remove the password (passphrase) from the private key with the following command:


  openssl rsa -in <private.key> -out <nopass.key>

(If prompted for pass phrase, enter the password used during private key creation)


Note:  The key file should be the original private key used when creating the certificate signing request (CSR).

  3.  Create the pkcs12 file with the following command:

openssl pkcs12 -export -in <server.crt> -inkey <nopass.key> -out <keypair.p12> -name tomcat -certfile <intermediate.crt>

Note:  Use the certificate files from step 1 to replace <server.crt> and <intermediate.crt>.  Use your names as needed.

Note:  If needed, add another statement of -certfile for every intermediate or root certificate if there is more than one.

Also, -certfile is not required if there are no other certificate chain files.

Note:  Input a password that will be used to import the pkcs12 key pair.

4.   Create the new .keystore file:

  Note:  “changeit” is a common password to use when creating the new “keypair.p12” certificate file for Vibe.  Consider that.

/opt/novell/teaming/jre/bin/keytool -importkeystore -deststorepass changeit -destkeypass changeit -destkeystore .keystore_new -srckeystore keypair.p12 -srcstoretype PKCS12 -srcstorepass <pass phrase of keypair.p12> -alias tomcat

Note: changeit is the default keytool password. 
 

5.   Move the .keystore_new to the conf directory

mv .keystore_new /opt/novell/teaming/apache-tomcat/conf/
 

6.   Change directory to /opt/novell/teaming/apache-tomcat/conf/

cd /opt/novell/teaming/apache-tomcat/conf/

Change the ownership and rights of .keystore_new to match the existing .keystore:
chown --reference .keystore .keystore_new
chmod --reference .keystore .keystore_new

Test Keystore:
keytool -list -keystore .keystore OR
keytool -list -keystore .keystore -storetype pkcs12

Back up the existing .keystore
mv .keystore .keystore_old
Rename the new .keystore
mv .keystore_new .keystore
 

7.   Restart the Vibe appliance at the Linux Vibe terminal as “root” with:


systemctl stop vibe
systemctl start vibe
systemctl status vibe

NOTE:  After you restart Vibe, give it about 10 minutes before trying to log in at the browser.
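
The following pre-flight check is an added example, not part of the original knowledge document. Run before step 3, it confirms that the private key matches the server certificate (the point of the note in step 2), that the new certificate is not about to expire, and that the intermediate file is the issuer of the server certificate. The function names and the 30-day window are assumptions; the file names follow the document's examples.

```shell
#!/bin/sh
# Added example: pre-flight checks on the files used in step 3.
# The 30-day validity window is an assumption; adjust as needed.

# SHA-256 of the public key held in a certificate ("cert") or private key ("key").
pubkey_hash() {
    case "$1" in
        cert) pem=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) ;;
        key)  pem=$(openssl pkey -in "$2" -pubout 2>/dev/null) ;;
        *)    return 2 ;;
    esac || return 1
    [ -n "$pem" ] || return 1
    printf '%s\n' "$pem" | openssl dgst -sha256 -r | cut -d' ' -f1
}

# True when the private key belongs to the certificate.
key_matches_cert() {    # $1 = certificate, $2 = private key (use nopass.key)
    c=$(pubkey_hash cert "$1") || return 1
    k=$(pubkey_hash key "$2") || return 1
    [ "$c" = "$k" ]
}

# True when the certificate is still valid N days from now.
valid_for_days() {      # $1 = certificate, $2 = days
    openssl x509 -in "$1" -noout -checkend $(( $2 * 86400 )) >/dev/null 2>&1
}

# True when the server certificate's issuer equals the intermediate's subject.
issued_by() {           # $1 = server certificate, $2 = intermediate certificate
    i=$(openssl x509 -in "$1" -noout -issuer_hash 2>/dev/null) || return 1
    s=$(openssl x509 -in "$2" -noout -subject_hash 2>/dev/null) || return 1
    [ -n "$i" ] && [ "$i" = "$s" ]
}

# Run all three checks and report every failure, not just the first.
preflight() {           # $1 = server.crt, $2 = nopass.key, $3 = intermediate.crt
    rc=0
    key_matches_cert "$1" "$2" || { echo "FAIL: $2 does not match $1"; rc=1; }
    valid_for_days "$1" 30     || { echo "FAIL: $1 expires within 30 days"; rc=1; }
    issued_by "$1" "$3"        || { echo "FAIL: $3 did not issue $1"; rc=1; }
    return "$rc"
}

# Runs only when three file names are given, for example:
#   sh preflight.sh server.crt nopass.key intermediate.crt
if [ "$#" -eq 3 ]; then
    preflight "$@" && echo "OK: continue with step 3"
fi
```

Run it from /root/Documents/certs after step 2, and resolve any FAIL line before continuing with step 3.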
