SSL renewal error of Service Manager 9.3
I'm having problem generating new SSL for my Service Manager server. I was using exactly the same "SingleSignonAuthenticationHS" used by our Vendor last 2016. I have the below error during the generation of server certificate while executing batch file "tso_srv_svlt".
1. Does it need to completely down the SM server, web servers and SRC servers during generation of certificate?
2. The previous certificate shows 3 years of expiry, but after running the batch file and checking server.keystore file only shows 3 Months(tried checking the generated file with error).
3. I have check and provided the Java HOME by editing the batch file.
"Importing Server certificate into Server keystore
keytool error: java.lang.Exception: Failed to establish chain from reply"
Thank you in advance for the assistance.
The actual generation of the keystores via the batch files is not dependant on Service Manager running or not. You can, in fact, generate the keystores on any machine where you have access to a jre. Only when you insert the keystores into the RTE and client do these need to be restarted.
Regarding your error:
1. When running the "tso_srv_svlt" you're starting fresh
2. Ensure that the <JAVA_HOME>/lib/security/cacerts is the original one and not one from a previous attempt at running the batch file. If you ran this bat previously and had a problem you need to delete the current /lib/security/cacert and rename the /lib/security/cacert.orig to lib/security/cacert then run the bat file
3. Once the server.keystore is created you can move onto the bat file to generate client keystores and - if needed - scaled app server keystores. Note that when running client and scaled bat files you do not need to follow the steps in step 2 above as we're creating the client keystores.
Anytime you 'start over' you need to follow the steps in Step 2 above.