Environment
Vibe 4.0.5
Vibe 4.0.6
Situation
When you view existing certificate from a browser pointing to your Vibe server, you notice that a validity of present certificate has expired.
Resolution
Vibe uses by default java approach when securing the site. You can manipulate certificates using the keytool located under /opt/novell/teaming/jre/bin.
To review existing certificates stored in the .keystore file:
./keytool -list -v -keystore /opt/novell/teaming/apache-tomcat/conf/.keystore
The output will list in details certificates currently present in the keystore file. Before renewing certificate, you must first delete existing one with alias tomcat:
./keytool -delete -alias tomcat -keystore /opt/novell/teaming/apache-tomcat/conf/.keystore
When prompted for a password, typically default changeit string shall work unless you changed it before.
Now you are ready to create new certificate file and imprt it into the keystore file with alias name tomcat as it was before, example with answers you get asked:
./keytool -genkey -keyalg RSA -alias tomcat -keystore /opt/novell/teaming/apache-tomcat/conf/.keystore -storepass changeit -validity 720 -keysize 2048
What is your first and last name?
[Unknown]: bacardi.com
What is the name of your organizational unit?
[Unknown]: NTS
What is the name of your organization?
[Unknown]: Microfocus
What is the name of your City or Locality?
[Unknown]: Rotterdam
What is the name of your State or Province?
[Unknown]: South Holland
What is the two-letter country code for this unit?
[Unknown]: NL
Is CN=bacardi.com, OU=NTS, O=Microfocus, L=Rotterdam, ST=South Holland, C=NL correct?
[no]: yes
What is your first and last name?
[Unknown]: bacardi.com
What is the name of your organizational unit?
[Unknown]: NTS
What is the name of your organization?
[Unknown]: Microfocus
What is the name of your City or Locality?
[Unknown]: Rotterdam
What is the name of your State or Province?
[Unknown]: South Holland
What is the two-letter country code for this unit?
[Unknown]: NL
Is CN=bacardi.com, OU=NTS, O=Microfocus, L=Rotterdam, ST=South Holland, C=NL correct?
[no]: yes
Finally you can also convert this format into PKCS12 as suggested by this tool:
./keytool -importkeystore -srckeystore /opt/novell/teaming/apache-tomcat/conf/.keystore -destkeystore /opt/novell/teaming/apache-tomcat/conf/.keystore -deststoretype pkcs12
At the end you can review newly imported certificate into the keystore file via command:
./keytool -list -v -keystore /opt/novell/teaming/apache-tomcat/conf/.keystore