Installing CIS BD Certificates in PROD

Article ID: KB0081657

Description

• Issue: When installing the new strong keystore file, the old BD strong keystore file is picked up instead.
• Error:
Authorization failed: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path validation failed: org.bouncycastle.jce.exception.ExtCertPathValidatorException: Could not validate certificate: certificate expired on 20170322235959GMT+00:00

Issue/Introduction

When installing the new strong keystore file, the old BD strong keystore file is picked up instead.

Resolution

Solution:

The BD strong keystore file is located outside both the BD installation directory and the CIS installation directory.

  Path: "/opt/cisco/security/cis.jks"

Imported the newly generated keystore file:

  keytool -importcert -alias cis_prod -file hdg_cisbd.cer -trustcacerts -keystore cis.jks

  <JAVA_HOME>/bin/keytool -list -v -keystore /opt/cisco/security/cis.jks 2>&1 > certificates.txt

Identified that the customer had imported the trust certificate file, but the customer needs to import the private key keystore file.

Imported the private key file into the strong keystore file:

  keytool -importkeystore -srckeystore mypfxfile.pfx -srcstoretype pkcs12 -destkeystore clientcert.jks -deststoretype JKS

After importing the private key, the following error occurred: "java.security.invalidkeyexception: illegal key size"

Requested installation of the JCE (Java Cryptography Extension) "Unrestricted JCE Policy files", replacing the default local_policy.jar and US_export_policy.jar files with the new policy files. Before replacing them, take a backup of the default files.

The files are located in the directory jre\lib\security.

Download link: http://www.oracle.com/technetwork/java/javase/downloads/jce-7-download-432124.html

After importing the private key file into the strong keystore file, tried restarting the BD Server, but it did not pick up the latest BD strong keystore file.
Restarted the CIS Server, and the customer is able to log in to BD.
Jira case # https://dvbu-jira.cisco.com/browse/BD-4784
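
The `keytool -list -v` listing saved to certificates.txt in the resolution above can be checked automatically for the two problems seen in this case: an alias that holds only a trusted certificate (no private key) and a certificate past its "until" date. The script below is an added example, not part of the original article or of any Cisco tooling; the sample listing is constructed, and the English-locale keytool output layout is an assumption.

```python
import re
import sys
from datetime import datetime

# Constructed sample in the layout `keytool -list -v` prints (English locale);
# aliases cis_prod/clientcert follow the commands above, all other values are made up.
SAMPLE = """\
Alias name: cis_prod
Creation date: Mar 1, 2018
Entry type: trustedCertEntry

Owner: CN=bd.example.test
Issuer: CN=Example Test CA
Valid from: Tue Mar 22 00:00:00 GMT 2016 until: Wed Mar 22 23:59:59 GMT 2017

Alias name: clientcert
Creation date: Mar 2, 2018
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=bd.example.test
Issuer: CN=Example Test CA
Valid from: Thu Mar 01 00:00:00 GMT 2018 until: Fri Mar 01 23:59:59 GMT 2030
"""

# Captures "Mar 22 23:59:59" and "2017"; the time-zone token is skipped
# (assumption: day-level accuracy is enough for an expiry check).
UNTIL = re.compile(r"until: \w{3} (\w{3} \d{1,2} [\d:]{8}) \S+ (\d{4})")

def audit(listing, now):
    """Return one dict per alias with entry type, earliest expiry and findings."""
    report = []
    for block in listing.split("Alias name: ")[1:]:
        alias = block.splitlines()[0].strip()
        m = re.search(r"^Entry type: (\S+)", block, re.M)
        etype = m.group(1) if m else "unknown"
        ends = [datetime.strptime(f"{d} {y}", "%b %d %H:%M:%S %Y")
                for d, y in UNTIL.findall(block)]
        findings = []
        if etype != "PrivateKeyEntry":
            findings.append("no private key")  # certificate only, no key to present
        if ends and min(ends) < now:
            findings.append("expired")         # would fail PKIX path validation
        report.append({"alias": alias, "type": etype,
                       "not_after": min(ends) if ends else None, "findings": findings})
    return report

if __name__ == "__main__":
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE
    for row in audit(text, datetime.now()):
        print(row["alias"], row["type"], row["not_after"], ", ".join(row["findings"]) or "ok")
```

Run it with the path to certificates.txt as the only argument; without an argument it audits the constructed sample.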