Tuesday, May 5, 2020

How to import a certificate into the system's truststore

Assuming that you already have the certificate that needs to be imported (the steps are given in the previous article), import it as follows.

#1 Copy the certificate "Server1.cer" to the jre/lib/security folder.

#2 Open a command prompt with "Run as administrator". If you don't run it as an administrator, the final outcome won't be successful.
    Commands:
    #2.1 Change to your jre/lib/security directory from the command prompt with the cd command.
    #2.2 Execute the keytool command below to import the certificate into cacerts (i.e. the trust-store):
            keytool -importcert -file Server1.cer -keystore cacerts -alias "dataaccess"
            It prompts for a password. Provide "changeit".
    
#3 It then prompts you to confirm that you trust the certificate, with its details listed. Type "yes" and press Enter. You will then see a confirmation message that "Certificate was added to trust-store".


So, we have imported the certificate into the system's cacerts (trust-store) successfully.

Note: To verify that the certificate is present in cacerts, refer to this article and, in the output, use Ctrl+F to find your alias name. That confirms that your certificate has been added.
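
The steps above and the check from the note, as one PowerShell script to run from an elevated session. This is an added example, not part of the original post; the folder path and the expected fingerprint are placeholders you must fill in, and keytool is assumed to be on the PATH.

```powershell
# Added example, not from the original post. Assumed values are marked.
$security = '<path to>\jre\lib\security'        # placeholder: your jre/lib/security folder
$cacerts  = Join-Path $security 'cacerts'
$cert     = Join-Path $security 'Server1.cer'   # copied there in step #1
$alias    = 'dataaccess'
$pass     = 'changeit'                          # password given in the post
# Assumption: SHA-256 fingerprint obtained out-of-band from the certificate's owner.
$expected = '<EXPECTED SHA-256 FINGERPRINT, HEX>'

# Compute the fingerprint over the DER bytes, so .cer files in either
# DER or Base64 form give the same result.
$x509   = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $cert
$sha256 = [System.Security.Cryptography.SHA256]::Create()
$actual = [System.BitConverter]::ToString($sha256.ComputeHash($x509.RawData)) -replace '-', ''
"Subject : $($x509.Subject)"
"Expires : $($x509.NotAfter)"
"SHA-256 : $actual"
if ($actual -ne ($expected -replace '[:\s]', '')) {
    throw 'Fingerprint mismatch: certificate not imported.'
}

# Keep a timestamped copy of the trust-store so the change can be rolled back.
$backup = "$cacerts.$(Get-Date -Format yyyyMMddHHmmss).bak"
Copy-Item -Path $cacerts -Destination $backup -ErrorAction Stop

# Step #2.2, with -noprompt because the certificate details were checked above.
& keytool -importcert -noprompt -file $cert -keystore $cacerts -alias $alias -storepass $pass
if ($LASTEXITCODE -ne 0) { throw "keytool -importcert failed ($LASTEXITCODE)" }

# Verification from the note: list only this alias instead of searching the full output.
& keytool -list -keystore $cacerts -alias $alias -storepass $pass
if ($LASTEXITCODE -ne 0) { throw "Alias '$alias' not found in cacerts" }
```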

Important: 
- The above steps require a restart of your server, and sometimes of the box where your server is present.
- In Pega 8.3, a new feature was added that lets us add a certificate without having to restart the server. We will talk about this in future posts.


Thanks,
HowToPega.info

2 comments:

  1. What is the use of a Keystore instance when we can directly import the certificates into our system?

    1. Good question. When a certificate needs to be validated, Pega Platform looks for the certificate in the platform truststore, and finally the JVM truststore. In the above post, we have seen how to import a certificate into the JVM truststore.

      In future posts, we will see how to import into the platform truststore, which is the advanced way since it doesn't need a server restart. There you will notice how we add a certificate from the Pega environment itself to the platform-level truststore with the help of a keystore instance in Pega.



HowToPega : All rights reserved and the contents are copyrighted to Pavan Kumar Naidu