uCMDB 11.33 - certificates in server.keystore overwritten at startup
I started to use certificates signed by Root CA and tried to replace the OOTB keystore with new certificates.
Using hardening and troubleshooting guide (https://docs.microfocus.com/UCMDB/10.33/ucmdb-docs/docs/eng/doc_lib/Content/admin/ConfigManagDB_tr_trouble_limits.htm?Highlight=keystore) it looks now quit good. But I have strange behaviour at start of the windows service:
Before start my new server.keystore has 3 certificates (1x server, 2x root ca) this looks good with "keytool -list" command.
When starting uCMDB Sevice again the content of server.keystore changes back to default.
Means after startup i can run same command (keytool -list) and i get the default certificate "hpcert".
The password (storepass) value is the same. So I assume there is a startup behaviour which cleans my keystore and loads default certificate back..
How can I prevent this? Any known bug?
Thanks in advance for your help!
In the 'Hardening Guide', page 25ish (on 11.0 documentation):
Caution: There can be one server certificate only in server.keystore.
What you should do is:
- Generate a keystore
- Create a CSR
- Get it signed
- Install it
- Add Root and intermediate certificates to the cacerts file
UCMDB Worldwide Support Lead
Micro Focus Support
If you find this or any post resolves your issue, please be sure to mark it as an accepted solution."
Click the KUDOS star on the left to say 'Thanks'
Thank you for the reply.
Unfortunately this does not really help. I did it exactly this way:
Generate certificate and create CSR, sign using CA, verify using "list".
I tried to rename the alias to "hpcert" but did not help. When starting uCMDB service the server.keystore is updated with default keys..
Any other ideas?