AdminUI External Admin Store CERT Management

Document ID : KB000057273
Last Modified Date : 14/02/2018

Issue

 

When you set up an External Admin Store with SSL enabled, you are required to import the root CA cert through the Admin UI.

If for any reason you would like to change the cert or delete it, there is no option in the Admin UI that allows you to do so.

Below are the steps on where to find the keystore file in which these certs are stored and how to manage it.

 

Resolution 

 

- From the Admin UI, under Administration --> Admin UI --> Configure Administrative Authentication, the root CA cert of the External Admin Store can be uploaded.

- This cert is stored in the "trustStore.jks" keystore file, which can be found under "\CA\siteminder\adminui\server\default\conf\"

- To list the certs available in this keystore file, use the keytool that ships with your Java installation, as follows

 

1) From a command line, navigate to your JDK home and then to the following bin folder (\Java\jdk1.7.0_25\jre\bin)

2) Run the below command to list the certs

 

keytool -list -v  -keystore "\CA\siteminder\adminui\server\default\conf\trustStore.jks" -storepass changeit

NOTE --> The keystore file password is changeit by default

 

3) Your cert will be displayed as follows

 

Keystore type: JKS

Keystore provider: SUN

 

Your keystore contains 1 entry

 

Alias name: mysite

Creation date: Dec 3, 2015

Entry type: trustedCertEntry

Owner: .......

Issuer: ......

Serial number: ......

Valid from: Fri Jun 19 06:53:58 EDT 2015 until: Thu Jun 19 07:03:57 EDT 2025

Certificate fingerprints:......

 

- Now, to delete the cert from your keystore file, follow the steps below

1) From a command line, navigate to your JDK home and then to the following bin folder (\Java\jdk1.7.0_25\jre\bin)

2) Run the below command to delete the cert

 

keytool -delete -noprompt -alias <your_cert_alias>  -keystore "\CA\siteminder\adminui\server\default\conf\trustStore.jks" -storepass changeit

 

NOTE --> The keystore file password is changeit by default

 

3) Now run the list command again (provided above) to confirm the cert was deleted

4) You will need to restart the Admin UI after performing the delete operation
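
The "change the cert" case mentioned under Issue, as an added PowerShell example that is not part of the original article or vendor code: it backs up the keystore, removes the old entry, imports a replacement and verifies the result. The keystore path, default password and alias "mysite" come from the article; the replacement cert path is a placeholder, and keytool is assumed to be on PATH or run from the JDK bin folder.

```powershell
# Added example (not vendor code): replace the root CA cert in the Admin UI trust store.
# Keystore path, default password and sample alias are the ones shown in the article;
# $NewCert is a placeholder. Run from the JDK bin folder or with keytool on PATH.
$KeyStore  = "\CA\siteminder\adminui\server\default\conf\trustStore.jks"
$StorePass = "changeit"
$Alias     = "mysite"
$NewCert   = "C:\temp\new-root-ca.cer"     # placeholder path
$Stamp     = Get-Date -Format "yyyyMMdd-HHmmss"
$Store     = @("-keystore", $KeyStore, "-storepass", $StorePass)

function Assert-Ok([string]$Step) {
    # keytool signals failure (e.g. unknown alias, wrong password) via its exit code.
    if ($LASTEXITCODE -ne 0) { throw "$Step failed (keytool exit code $LASTEXITCODE)" }
}

# 1. Keep a rollback path: copy the keystore and export the cert being removed.
Copy-Item -Path $KeyStore -Destination "$KeyStore.$Stamp.bak" -ErrorAction Stop
& keytool -exportcert -rfc -alias $Alias -file "$Alias.$Stamp.pem" @Store
Assert-Ok "Export of '$Alias'"

# 2. Delete the old entry (same command as in the article).
& keytool -delete -noprompt -alias $Alias @Store
Assert-Ok "Delete of '$Alias'"

# 3. Import the replacement. -noprompt is left out on purpose: keytool prints the
#    certificate and asks for confirmation, so the fingerprint can be compared
#    with the value obtained from the CA before the cert is trusted.
& keytool -importcert -alias $Alias -file $NewCert @Store
Assert-Ok "Import of '$NewCert'"

# 4. Confirm the entry is present and is a trustedCertEntry with the expected dates.
& keytool -list -v -alias $Alias @Store
Assert-Ok "Verification of '$Alias'"

# 5. Restart the Admin UI, as the article requires after a delete.
```

If step 3 or 4 fails, copy the .bak file back over trustStore.jks before restarting. Omitting -storepass makes keytool prompt for the password instead of leaving it on the command line and in shell history.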

 

For additional detail on keytool usage, please refer to https://docs.oracle.com/cd/E19879-01/821-0185/ablqz/index.html