I am trying to install web UI ssl certificate in CA Vapp. while trying to generate keystore i am getting error,
keytool error: java.io.FileNotFoundException: IAM*** (Permission denied)
Do we have to give any extra permission or do we have to perform this operation with any specific user. As i am trying this task first with CA Virtual Appliance your support and view over my concern would be helpful.
You might not be in the right directory or a writable directory.
Run whoami, pwd and send the the results along with the command you are entering.
Thanks for your response. PFA screenshot and share your view which would be helpful. Awaiting Reply!
If we have to run this command with different user other then config. where do we find the password for other users because we only aware of config user password.
Perhaps you should try to run the command from config home and execute the command with full path and see if the problem remains.
The embedded httpd service is using the standard JDK keystore, cacerts, and the permissions have been open for this keystore file to replace any CA certs or server certs.
Administering Virtual Appliance - CA Identity Suite - 14.2 - CA Technologies Documentation
keytool -list -v -keystore /opt/CA/jdk1.8.0_71/jre/lib/security/cacerts -store-pass changeit
keytool -printcert -v -file /opt/CA/VirtualAppliance/custom/apache-ssl-certificates/localhost.crt
ls -lart /opt/CA/VirtualAppliance/custom/apache-ssl-certificates
ls -lart /opt/CA/jdk1.8.0_71/jre/lib/security/cacerts
See permission for the "config" userID.
Note: The Wildfly certs will use different keystore(s).
See if the links below are useful, if you plan to use external load balancers:
Steps to update the server cert for Wildfly for TCP 8443