Mid Web Server Keystore Certificate Alias location

CoryJ
Tera Guru

Hi all, having some issues trying to start the Mid Web Server with a secure connection. The keystore certificate alias seems to be referencing the name of the keystore … but which directory is it looking in for this keystore?

Our mid server is using certificates in a custom directory - not the default directory midserver\agent\keystore …

Is there a way to put the full path of the certificate in the Keystore Alias field?

Thanks!

3 REPLIES

CoryJ
Tera Guru

So - I've figured out that if you create a keystore in the midserver\agent\keystore directory, the only store type that works is JCEKS ... so far that's the only way I can start the Mid Web Server.

However, even though I created a valid keystore - signed, with root and intermediate certs - the web server doesn't seem to use the keystore, and when I try to POST to the mid server API I get an invalid security certificate. The PID command line of the webserver is pointing to our correct truststore, but is missing the -Djavax.net.ssl.keyStore parameter.

The ServiceNow docs don't go into enough detail on how they expect this to be configured. Has anyone set up SSL for the Mid Web Server?

CoryJ
Tera Guru

If anyone ever runs into the same issue, here are the steps I used to get this working.

Start with a PKCS #12 cert and create a password on it.

Extract the private key and import it into a keystore with storetype jceks; the name must be "webserver_keystore".

keytool -importkeystore -srckeystore "<source pfx>" -srcstoretype pkcs12 -destkeystore "webserver_keystore.jceks" -deststoretype jceks -storetype jceks

After this, you can update the alias name to make it more descriptive for the UI configuration.

keytool -changealias -alias "<current alias>" -destalias "<new alias>" -keystore webserver_keystore.jceks -storetype jceks

To find the current alias...

keytool -list -keystore webserver_keystore.jceks -storetype jceks
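
A check to run after the steps above, as an added example that is not part of the original posts: it parses `keytool -list` output and confirms that the alias is a PrivateKeyEntry, meaning the private key came across in the import. The sample listing, the aliases `mid-web` and `corp-root`, and the script name are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): confirm that the alias chosen for the
# MID Web Server is a key pair, using the output of `keytool -list`.
# Assumptions: English-locale keytool output; alias/file names are placeholders.

# Constructed sample of `keytool -list` output (fingerprints are dummies).
SAMPLE_LIST='Keystore type: JCEKS
Keystore provider: SunJCE

Your keystore contains 2 entries

mid-web, Jan 5, 2024, PrivateKeyEntry, 
Certificate fingerprint (SHA-256): 00:11:22:33
corp-root, Jan 5, 2024, trustedCertEntry, 
Certificate fingerprint (SHA-256): 44:55:66:77'

# Print the entry type for alias $1, reading a keytool listing on stdin.
# Entry lines look like "<alias>, <date containing a comma>, <type>, ".
entry_type() {
  awk -v want="$1" -F', ' '
    /^Certificate fingerprint/ || NF < 3 { next }
    tolower($1) == tolower(want) {        # JCEKS aliases are case-insensitive
      t = $NF
      if (t ~ /^ *$/) t = $(NF - 1)       # trailing ", " leaves an empty last field
      sub(/,? *$/, "", t)
      print t
      exit
    }'
}

# Succeed only if alias $1 is a PrivateKeyEntry. A trustedCertEntry holds a
# certificate without its key, so a TLS listener cannot serve from it.
has_private_key() {
  [ "$(entry_type "$1")" = "PrivateKeyEntry" ]
}

# Real use: sh check_keystore.sh <keystore.jceks> <alias>
if [ "$#" -eq 2 ] && command -v keytool >/dev/null 2>&1; then
  if keytool -list -keystore "$1" -storetype jceks | has_private_key "$2"; then
    echo "OK: $2 is a PrivateKeyEntry"
  else
    echo "FAIL: $2 is missing or has no private key" >&2
    exit 1
  fi
fi
```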

Hi,

I am confused; could you please explain or help me regarding the certificate location in Windows?

- We have our certificate in the /agent directory,

   but security wants us to move the certificate location to their approved location:

   /cert/.......

Will this work if we remove the certificate to another location? Please guide on this.

Thanks