Layer7 API Management

Expand all | Collapse all

Facing keytool issues while configuring API portal

Jump to Best Answer
  • 1.  Facing keytool issues while configuring API portal

    Posted 05-17-2017 05:24 AM

    Hi,

     

    I am trying to configure the API portal and during configuring Gateway ssl certificate details While entering the Gateway SSL client certifcate file (PEM Format) and giving alias name as ssl its giving following error.

     

    Enter the Gateway SSL Client Certificate file (PEM Format) to use (): /opt/Deployments/lrs/server/conf/keys/APIGatewayCert.pem
    Enter the CA API Developer Portal TrustStore password: ********
    Enter the alias for your PEM certificate file: ssl
    Are you sure you want to import the [/opt/Deployments/lrs/server/conf/keys/APIGatewayCert.pem] file into the CA API Developer Portal TrustStore? [y/n]? y
    !-> Error: Writting the Certificate to the Trust Store. Try again.

     

     

     

    in the server logs i can see following:

    Error (doTrustStore): Writing the Certificate to the Trust Store with Error: keytool error: java.io.IOException: Keystore was tampered with, or password was incorrect
    java.io.IOException: Keystore was tampered with, or password was incorrect
    at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:772)
    at sun.security.provider.JavaKeyStore$JKS.engineLoad(JavaKeyStore.java:55)
    at java.security.KeyStore.load(KeyStore.java:1433)
    at sun.security.tools.keytool.Main.doCommands(Main.java:792)
    at sun.security.tools.keytool.Main.run(Main.java:340)
    at sun.security.tools.keytool.Main.main(Main.java:333)
    Caused by: java.security.UnrecoverableKeyException: Password verification failed
    at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:770)

     

    I have imported the private keys from Imported Private Key details from API gateway whose alias is ssl in .p12 format and then converted to .pem. I have given correct password as well.

     

    Please let me know how to resolve this.

     

    Thanks.



  • 2.  Re: Facing keytool issues while configuring API portal
    Best Answer

    Posted 05-17-2017 05:51 PM

    Good afternoon,

     

    The error that you are seeing is due to the password used in the steps is not correct. The default keystore password is "changeit". (4. Connect the API Portal to the Gateway - CA API Developer Portal - 3.5 - CA Technologies Documentation )

     

    Sincerely,

     

    Stephen Hughes

    Director, CA Support



  • 3.  Re: Facing keytool issues while configuring API portal

    Posted 05-17-2017 11:08 PM

    Additionally to check this navigate to /opt/Deployments/lrs/server/conf/keys and run the below command

    /opt/jdk/bin/keytool -list -keystore trustedCerts.ks -storepass changeit