In eDiscovery version 10.0, a new keystore format was introduced to improve security and compatibility with modern encryption methods. Prior to version 10.0 the Tomcat keystore, server.keystore, and the Java Certificate Authority keystore, cacerts, used by eDiscovery were in Java KeyStore format (JKS). The new format used in version 10.0 and above is Bouncy Castle Foundation KeyStore format (BCFKS) and is required for both the server.keystore and cacerts files.

During an upgrade or fresh installation, this conversion takes place automatically. On occasion, it may be necessary to manually convert a JKS formatted keystore to BCFKS format, such as when implementing secure LDAP (LDAPS). The Veritas eDiscovery version 10.0 System Administration Guide provides a command line to convert a JKS formatted keystore to the BCFKS format.

Using the Java Keytool command to convert JKS to BCFKS format

A. Converting the Tomcat keystore, server.keystore:

- Open an administrative command prompt in D:\v100\config\templates\tomcat.
- Run the following command to convert the server.keystore from JKS to BCFKS format:

```
Keytool -importkeystore -srckeystore server.keystore -srcstoretype JKS -srcstorepass 123456 -destkeystore -deststorepass 123456 -deststoretype BCFKS -providerclass .provider.CryptoComplyFipsProvider
```

Note: The above command assumes the current keystore password is 123456. If you have used another password, please replace both password values with the new password.
Also, if copying/pasting this command, ensure that no extra characters are randomly inserted into the command.

- Upon completion of the conversion, rename the server.keystore to then rename the converted keystore from to server.keystore.
- When convenient, run Option #7 in the Clearwell Utility on the server desktop to deploy the converted certificate.

B. Converting the Java Certificate Authority keystore, cacerts:

- Open an administrative command prompt in the folder containing the cacerts file for the current version of Java.
  For example: C:\jdk-8u251-windows-x64\jre\lib\security folder in version 10.0.
- Run the following command to convert the cacerts from JKS to BCFKS format:

```
Keytool -importkeystore -srckeystore cacerts -srcstoretype JKS -srcstorepass changeit -destkeystore cacerts.bcfks -deststorepass changeit -deststoretype BCFKS -providerclass .provider.CryptoComplyFipsProvider
```

Note: The above command assumes the current cacerts password is changeit. If you have used another password, please replace both password values with the new password.

Using the open source tool called KeyStore Explorer to convert from JKS to BCFKS format

Download and install KeyStore Explorer on the eDiscovery primary server following the defaults.

A. To convert the Tomcat keystore, server.keystore:

- Open KeyStore Explorer and use File > Open to navigate to D:\v100\config\templates\tomcat and open the server.keystore file.
- On the menu, open Tools > Change KeyStore Type and select BCFKS.
- On the menu, select File > Save As and name the file.
- Exit KeyStore Explorer and navigate to D:\v100\config\templates\tomcat.
- Rename the server.keystore to then rename the converted keystore from to server.keystore.

B. To convert the Java Certificate Authority keystore, cacerts:

- Open KeyStore Explorer and use File > Open to navigate to the folder containing the cacerts file for the current version of Java.
  For example: C:\jdk-8u251-windows-x64\jre\lib\security folder in version 10.0.
- On the menu, select File > Save As and name the file cacerts.bcfks.

Note: It is not necessary to rename the original cacerts file. Other Java applications will use this file while eDiscovery will use the cacerts.bcfks.

- There is no need to restart services for this change to take effect.

I've created a global JKS that has "changeme" as the keystore password. I created the JKS using the Keystore Explorer. The idea behind using the global JKS is that apps can pull down the JKS from S3 and then reset the JKS with their own string password. We do a lot of SpringBoot APIs and we use the JKSs to secure Tomcat in the container so we can get HTTPS connected.

But here's the problem I'm running into, when I change the JKS keystore password I start getting: Cannot recover key errors being thrown. In the Keystore Explorer I didn't specify a password for the alias. When I go into the Keystore Explorer to change the alias password, it accepts "changeme" as the password. So, I assume the Keystore Explorer is automatically using changeme as the password since I supplied it for the JKS keystore password.

Admittedly, I'm no expert with using JKS and understanding the intricacies of security but this one has me stumped.