I am trying to configure the API portal and during configuring Gateway ssl certificate details While entering the Gateway SSL client certifcate file (PEM Format) and giving alias name as ssl its giving following error.
Enter the Gateway SSL Client Certificate file (PEM Format) to use (): /opt/Deployments/lrs/server/conf/keys/APIGatewayCert.pemEnter the CA API Developer Portal TrustStore password: ********Enter the alias for your PEM certificate file: sslAre you sure you want to import the [/opt/Deployments/lrs/server/conf/keys/APIGatewayCert.pem] file into the CA API Developer Portal TrustStore? [y/n]? y!-> Error: Writting the Certificate to the Trust Store. Try again.
in the server logs i can see following:
Error (doTrustStore): Writing the Certificate to the Trust Store with Error: keytool error: java.io.IOException: Keystore was tampered with, or password was incorrectjava.io.IOException: Keystore was tampered with, or password was incorrect at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:772) at sun.security.provider.JavaKeyStore$JKS.engineLoad(JavaKeyStore.java:55) at java.security.KeyStore.load(KeyStore.java:1433) at sun.security.tools.keytool.Main.doCommands(Main.java:792) at sun.security.tools.keytool.Main.run(Main.java:340) at sun.security.tools.keytool.Main.main(Main.java:333)Caused by: java.security.UnrecoverableKeyException: Password verification failed at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:770)
I have imported the private keys from Imported Private Key details from API gateway whose alias is ssl in .p12 format and then converted to .pem. I have given correct password as well.
Please let me know how to resolve this.
The error that you are seeing is due to the password used in the steps is not correct. The default keystore password is "changeit". (4. Connect the API Portal to the Gateway - CA API Developer Portal - 3.5 - CA Technologies Documentation )
Director, CA Support
Additionally to check this navigate to /opt/Deployments/lrs/server/conf/keys and run the below command
/opt/jdk/bin/keytool -list -keystore trustedCerts.ks -storepass changeit