###### Tip Description
When you set-up an External Admin Store with SSL enabled ,you are required to import the Root CA cert Through the Adminui .
IF for any reason you would like to change the cert or delete it ,there is no option from the Adminui that allows you to do so .
Below are the Steps on where to find the keystore file where these certs are getting stored and how to Manage it .
##### Provided Steps
- From AdminUi under Administration --> Admin UI --> Configure Administrative Authentication ,the root CA cert of the External Admin store can be upload it .
- This cert will be stored within "trustStore.jks" keystore file that can be found under "\CA\siteminder\adminui\server\default\conf\"
- To list the certs available within this keystore file ,you will need to use the keytool available with your java as follows
1) From a command line ,navigate to your JDK home and to the following bin folder (\Java\jdk1.7.0_25\jre\bin)
2) run the below command to list the certs
keytool -list -v -keystore "\CA\siteminder\adminui\server\default\conf\trustStore.jks" -storepass changeit
NOTE --> the keystore file password is changeit by default
3) your cert will be displayed as follows
Keystore type: JKS
Keystore provider: SUN
Your keystore contains 1 entry
Alias name: mysite
Creation date: Dec 3, 2015
Entry type: trustedCertEntry
Serial number: ......
Valid from: Fri Jun 19 06:53:58 EDT 2015 until: Thu Jun 19 07:03:57 EDT 2025
- Now to delete the cert from you keystore file ,please follow the below steps
keytool -delete -noprompt -alias <your_cert_alias> -keystore "\CA\siteminder\adminui\server\default\conf\trustStore.jks" -storepass changeit
3) Now run again the list cert (command provided above) to confirm the cert was deleted
4) you will need to restart the Adminui after performing the delete operation
For additional Detail on the keytool usage ,please refer to https://docs.oracle.com/cd/E19879-01/821-0185/ablqz/index.html