CA Identity Suite Virtual Appliance replacing self-signed certs

Document ID : KB000093224
Last Modified Date : 27/04/2018
Show Technical Document Details
We would like to replace the self-signed certificates for Identity Manager on the Virtual Appliance. When replacing the certificate and private key in the suggested folder 


we receive the following error

2018-02-02 19:30:06,222 ERROR [] (MSC service thread 1-7) MSC000001: Fai 
led to start service or 
g.jboss.msc.service.StartException in service JBAS015229: Unable to start service 
at org.jboss.msc.service.ServiceControllerImpl$StartTask.startService( [jboss-msc-1.2.2.Final.jar:1.2.2.Final] 
at org.jboss.msc.service.ServiceControllerImpl$ [jboss-msc-1.2.2.Final.jar:1.2.2.Final] 
at java.util.concurrent.ThreadPoolExecutor.runWorker( [rt.jar:1.8.0_71] 
at java.util.concurrent.ThreadPoolExecutor$ [rt.jar:1.8.0_71] 
at [rt.jar:1.8.0_71] 
Caused by: Invalid keystore format 
CA Identity Suite 14.1 CP2 (minimum)
The problem is that the Virtual Appliance is expecting a java keystore instead of a certificate and a private key placed in the location of the OOTB self signed certs.
To resolve this, you need to import the certificate and the private key into a java keystore. Once this is done place this inside the following location /opt/CA/VirtualAppliance/custom/wildfly-ssl-certificates/ and restart the service. On restart this time you should notice the service will start without error.

The service is looking for a JKS once this is created with the signed cert and the private key you should not experience any issues.