Knowledge Document: How to update the Vibe .keystore file with new unexpired commercial certificate information


  SLES 12
  SLES 15

My commercial certificate used for Vibe is either expired or soon to expire, how can I update the commercial certificate information ?



NOTE:  Please before updating any Vibe server with this procedure, make a snapshot backup of the Vibe server if it is virtualized, just in case.  If it is “bare metal”, then at least backup the /opt/novell/teaming/apache-tomcat/conf/ directory before making any changes.  And READ this document completely before implementing it.

Updating Public Cert for Vibe

It is assumed that you have placed a copy of the new updated commercial certificate files on your linux Vibe server, in the /root/Documents/certs/ directory.  You have obtained them from your commercial “Certificate Authority”.  It should contain the new updated SERVER certificate file ( example for this document is “server.crt” ) .  The Intermediate certificate file ( example is :  “intermediate.crt” ), and the Private Key file ( “private.key” ).  Substitute your names as needed.

If this procedure is not done correctly, or if you used another procedure, there is a chance the Vibe server process will not start OR it will start but when you go to a browser and try to go to the Vibe website, you will not be able to reach a Vibe login page.

Vibe can use a pkcs#12 file to import into a .keystore. The following steps allow you to convert the components of a standard or wildcard Certificate appropriately, and then put it in place on the Vibe Server.

Steps to Follow :

  1.  In this document example at the linux Vibe server, as “root”, cd to /root/Documents/certs.


  1. Remove the password ( passphrase ) from the private key with the following command:

  openssl rsa -in <private.key> -out <nopass.key>

(If prompted for pass phrase, enter the password used during private key creation)

Note:  The key file should be the original private key used, when creating the certificate signing request (CSR)

  1.  Create the pkcs12 file with the following command

openssl pkcs12 -export -in <server.crt> -inkey <nopass.key> -out <keypair.p12> -name tomcat -certfile <intermediate.crt>

Note:  Use the certificate files from step 1 to replace <server.crt> and <intermediate.crt>.  Use your names as needed.

Note: IF needed, add another statement of -certfile for every intermediate or root certificate if there is more than one.

Also, -certfile is not required if there are no other certificate chain file.

Note:  Input a password that will be used to import the pkcs12 key pair

4.   Create the new .keystore file:

  Note:  “changeit” is a common password to use when creating the new “keypair.p12” certificate file for Vibe.  Consider that .

/opt/novell/teaming/jre/bin/keytool -importkeystore -deststorepass changeit -destkeypass changeit -destkeystore .keystore_new -srckeystore keypair.p12 -srcstoretype PKCS12 -srcstorepass <pass phrase of keypair.p12> -alias tomcat

Note: changeit is the default keytool password. 

5.   Move the .keystore_new to the conf directory

mv .keystore_new /opt/novell/teaming/apache-tomcat/conf/

6.   Change directory to /opt/novell/teaming/apache-tomcat/conf/

cd /opt/novell/teaming/apache-tomcat/conf/

Change the ownership, and rights of the .keystore_new
chown --reference .keystore .keystore_new
chmod --reference .keystore .keystore_new

Test Keystore:
keytool -list -keystore .keystore OR
keytool -list -keystore .keystore -storetype pkcs12

Back up the existing .keystore
mv .keystore .keystore_old
Rename the new .keystore
mv .keystore_new .keystore

7.   Restart the Vibe appliance at the linux Vibe terminal as “root” with :

systemctl stop vibe
systemctl start vibe
systemctl status vibe

NOTE:  After you restart Vibe, give it about 10 minutes before trying to login at the browser.

Access article on support portal


Knowledge Docs
Comment List