How to renew an expired self-signed certificate in Vibe.

  • 7024236
  • 05-Nov-2019
  • 05-Nov-2019

Environment

Vibe 4.0.5
Vibe 4.0.6

Situation

When you view the existing certificate from a browser pointing to your Vibe server, you notice that the certificate's validity period has expired.

Resolution

By default, Vibe uses the Java keystore approach to secure the site. You can manage certificates with the keytool utility located under /opt/novell/teaming/jre/bin.
To review the existing certificates stored in the .keystore file:

./keytool -list -v -keystore /opt/novell/teaming/apache-tomcat/conf/.keystore

The output lists in detail the certificates currently present in the keystore file. Before renewing the certificate, you must first delete the existing one with the alias tomcat:

./keytool -delete -alias tomcat -keystore /opt/novell/teaming/apache-tomcat/conf/.keystore

When prompted for a password, the default string changeit typically works unless you changed it earlier.

Now you are ready to create a new certificate in the keystore file under the alias tomcat, as it was before. Example, with the answers to the questions you are asked:

./keytool -genkey -keyalg RSA -alias tomcat -keystore /opt/novell/teaming/apache-tomcat/conf/.keystore -storepass changeit -validity 720 -keysize 2048
What is your first and last name?
  [Unknown]:  bacardi.com
What is the name of your organizational unit?
  [Unknown]:  NTS
What is the name of your organization?
  [Unknown]:  Microfocus
What is the name of your City or Locality?
  [Unknown]:  Rotterdam
What is the name of your State or Province?
  [Unknown]:  South Holland
What is the two-letter country code for this unit?
  [Unknown]:  NL
Is CN=bacardi.com, OU=NTS, O=Microfocus, L=Rotterdam, ST=South Holland, C=NL correct?
  [no]:  yes

Finally, you can also convert the keystore to PKCS12 format, as keytool suggests:

./keytool -importkeystore -srckeystore /opt/novell/teaming/apache-tomcat/conf/.keystore -destkeystore /opt/novell/teaming/apache-tomcat/conf/.keystore -deststoretype pkcs12

At the end, you can review the newly created certificate in the keystore file with the command:

./keytool -list -v -keystore /opt/novell/teaming/apache-tomcat/conf/.keystore
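
To confirm from the listing that no expired certificate remains, the verbose output can be filtered for validity dates. The script below is an added example, not part of the original article or of Vibe's tooling; the function names expired_aliases and sample_listing, the alias tomcat-new and the sample listing are constructed, and it assumes keytool prints its English labels.

```shell
#!/bin/sh
# Added example (not from the original article): report keystore aliases whose
# certificate has expired. Reads `keytool -list -v` output on stdin; $1 is the
# reference date as YYYYMMDD. Assumes keytool's English labels. Comparison is
# by calendar day; time of day and time zone are ignored.
expired_aliases() {
    awk -v today="$1" '
        BEGIN {
            split("Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec", names, " ")
            for (i = 1; i <= 12; i++) month[names[i]] = i
        }
        /^Alias name:/ {
            alias = $0
            sub(/^Alias name:[ \t]*/, "", alias)
        }
        /^Valid from:.* until: / {
            # Text after "until: " looks like: Mon Oct 25 10:00:00 UTC 2021
            rest = $0
            sub(/^.* until: /, "", rest)
            n = split(rest, f, " ")
            if (n < 6 || !(f[2] in month)) next
            notafter = sprintf("%04d%02d%02d", f[n], month[f[2]], f[3])
            if (notafter < today) print alias " expired on " notafter
        }
    '
}

# Constructed sample of `keytool -list -v` output (trimmed to the parsed fields).
sample_listing() {
    cat <<'EOF'
Alias name: tomcat
Entry type: PrivateKeyEntry
Owner: CN=bacardi.com, OU=NTS, O=Microfocus, L=Rotterdam, ST=South Holland, C=NL
Valid from: Sun Nov 05 10:00:00 UTC 2017 until: Sat Oct 26 10:00:00 UTC 2019

Alias name: tomcat-new
Entry type: PrivateKeyEntry
Owner: CN=bacardi.com, OU=NTS, O=Microfocus, L=Rotterdam, ST=South Holland, C=NL
Valid from: Tue Nov 05 10:00:00 UTC 2019 until: Mon Oct 25 10:00:00 UTC 2021
EOF
}

# Demo on the sample; against a real keystore, pipe keytool into the function:
#   ./keytool -list -v -keystore <path> | expired_aliases "$(date +%Y%m%d)"
sample_listing | expired_aliases 20191105
```

An empty result means every certificate in the listing is still valid on the reference date.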