How to check the list of certificates present in the keystore used while enabling HTTPS on Spotfire Server.
When configuring Spotfire Server to use HTTPS, there may be discrepancies between the certificates in the keystore and the server configuration settings. You can use the command described in this article to list all of the certificates stored in the keystore that is used.
There are cases where you might not know the exact certificateKeyAlias that is stored in the keystore or that you are using a different certificate, all of which can cause issues when configuring HTTPS.
For example, this command can also help you solve the "Alias name[certificate_alias_name] does not identify a key entry" error seen in catalina.log as described in KB article KB0071831. Use the following command to list all certificates stored in the specified keystore:
<install directory>\jdk\bin\keytool -list -keystore <install directory>\tomcat\certs\spotfireserver.jksWhere <install directory> is updated with the appropriate path in your Spotfire Server installation.
For example:
> C:\spotfire\spotfireserver\14.6.0\jdk\bin\keytool -list -keystore C:\spotfire\spotfireserver\14.6.0\tomcat\certs\spotfireserver.jks
Returns:
Keystore type: JKS
Keystore provider: SUN
Your keystore contains 2 entries
tss_clientcert, 2019-dec-16, trustedCertEntry,
Certificate fingerprint (SHA1): 9E:06:B5:8F:69:BF:D4:E0:EA:7F:E7:EC:F9:04:51:0B:12:7A:5B:46
serverkey, 2019-dec-16, PrivateKeyEntry,
Certificate fingerprint (SHA1): 4E:7F:41:40:81:02:B0:C4:16:53:B1:DF:39:FF:D4:3A:B6:CD:58:07In this example, we see there are two certificates with the keyaliases "tss_clientcert" and "serverkey". Based on these results you should use the same name for the "keyalias" parameter in the server.xml file (located in \tomcat\conf\ folder).
Doc: Configuring HTTPS
KB: 000036920 Error "Alias name does not identify a key entry"
Comments
0 comments
Article is closed for comments.