How to update certificate inside a keystore being used for authentication with REST Datasource?


Article ID: KB0072309


Products: TIBCO Data Virtualization
Versions: All supported versions

Description

Authenticating to a REST endpoint URL through the REST data source in TDV may require a custom certificate. This certificate is imported into a keystore, which is in turn specified on the "Advanced" tab of the data source.

If the certificates in the keystore have expired, the connection fails with a "PKIX Path Building Failed" error. A new certificate is then needed for authentication to succeed.

Issue/Introduction

This article describes the steps to update the keystore containing expired certificates that is currently being used by the REST Datasource.

Environment

All supported OS.

Resolution

To update the existing keystore file with the new certificate, use the steps below.
Prerequisite: Take a backup of the keystore before making any changes.

(1) Locate the existing keystore that is referenced on the REST data source.
(2) List the contents of this keystore using the keytool command below:

[TDV_Server_install]\JDK\bin\keytool -list -v -keystore <path_where_the_keystore_is_located>.jks -storepass <password_for_this_keystore>
Example: 
C:\apps\tdv_80\JDK\bin\keytool -list -v -keystore C:\apps\tdv_80\conf\server\security\rest_db_keystore.jks -storepass changeit

(3) Delete the expired certificate using the command below, taking the alias from the output of step (2):

[TDV_Server_install]\jdk\bin\keytool -delete -alias <value_from_above_list> -keystore <path_where_the_keystore_is_located>.jks -storepass <password_for_this_keystore>

(4) Import the new certificate (.cer) into the keystore:

[TDV_Server_install]/jdk/bin/keytool -import -trustcacerts -alias <alias_for_new_cert> -file <path_where_new_cert_is_stored>.cer -keystore <path_where_the_keystore_is_located>.jks -storepass <password_for_this_keystore>

(5) Restart the TDV server.

Note: If you cannot find where the keystore is located, you can export it from Studio using the options provided and then follow the steps above. If you do not know the password, try the default one, 'changeit'.
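
To pick the right alias for step (3), the following added example (not part of the original article or of TDV) parses saved `keytool -list -v` output and returns the aliases whose certificates are past their "until:" date. It assumes English-locale keytool output; the sample listing, aliases and dates are constructed for illustration.

```python
import re
from datetime import datetime, timezone

# Constructed sample of `keytool -list -v` output (English locale), trimmed to
# the fields the parser reads. Aliases and dates are made up for illustration.
SAMPLE_LISTING = """\
Keystore type: JKS
Your keystore contains 2 entries

Alias name: rest_api_old
Entry type: trustedCertEntry
Owner: CN=api.example.com
Valid from: Mon Jan 01 00:00:00 UTC 2018 until: Wed Jan 01 00:00:00 UTC 2020

Alias name: rest_api_new
Entry type: trustedCertEntry
Owner: CN=api.example.com
Valid from: Wed Jan 01 00:00:00 UTC 2025 until: Mon Jan 01 00:00:00 UTC 2035
"""

ALIAS_RE = re.compile(r"^Alias name:\s*(.+?)\s*$")
UNTIL_RE = re.compile(r"^Valid from:.*\buntil:\s*(.+?)\s*$")


def parse_java_date(text):
    """Parse Java's Date.toString() form, e.g. 'Wed Jan 01 00:00:00 UTC 2020'.

    The zone abbreviation is ignored and the time is treated as UTC, so the
    result can be off by up to a day for listings made in another time zone.
    """
    _dow, month, day, clock, _zone, year = text.split()
    parsed = datetime.strptime(f"{month} {day} {clock} {year}", "%b %d %H:%M:%S %Y")
    return parsed.replace(tzinfo=timezone.utc)


def expired_aliases(listing, now=None):
    """Return (alias, not_after) for every certificate already past 'until:'."""
    now = now or datetime.now(timezone.utc)
    expired, alias = [], None
    for line in listing.splitlines():
        stripped = line.strip()
        if m := ALIAS_RE.match(stripped):
            alias = m.group(1)
        elif (m := UNTIL_RE.match(stripped)) and alias is not None:
            not_after = parse_java_date(m.group(1))
            if not_after <= now:
                expired.append((alias, not_after))
    return expired
```

Save the output of step (2) to a file and pass its text to `expired_aliases()`; run it again after step (4) to confirm no expired entry remains. If `-storepass` is omitted, keytool prompts for the password instead, which keeps it out of shell history.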