How to check the list of certificates present in the keystore used while enabling HTTPS on your TIBCO Spotfire Server

Article ID: KB0079066

Products: Spotfire Server
Versions: All Versions

Description

When configuring the TIBCO Spotfire Server to use HTTPS, the certificates in the keystore may not match the server configuration settings. For example, you might not know the exact certificateKeyAlias that is stored in the keystore, or you might be using a different certificate than you expect; either can cause issues when configuring HTTPS. The command described in this article lists all of the certificates stored in the keystore that is used.

This command can also help you resolve the "Alias name[certificate_alias_name] does not identify a key entry" error seen in catalina.log, as described in KB article 000036920.

Issue/Introduction

This article explains a useful command for listing the certificates present in the keystore used when enabling HTTPS on your TIBCO Spotfire Server.

Resolution

Use the following command to list all certificates stored in the specified keystore:
<install directory>\jdk\bin\keytool -list -keystore <install directory>\tomcat\certs\spotfireserver.jks
Replace <install directory> with the appropriate path for your installation.

For example:
> C:\tibco\tss\7.11.0\jdk\bin\keytool -list -keystore C:\tibco\tss\7.11.0\tomcat\certs\spotfireserver.jks

Returns:
Keystore type: JKS
Keystore provider: SUN

Your keystore contains 2 entries

tss_clientcert, 2019-dec-16, trustedCertEntry,
Certificate fingerprint (SHA1): 9E:06:B5:8F:69:BF:D4:E0:EA:7F:E7:EC:F9:04:51:0B:12:7A:5B:46

serverkey, 2019-dec-16, PrivateKeyEntry,
Certificate fingerprint (SHA1): 4E:7F:41:40:81:02:B0:C4:16:53:B1:DF:39:FF:D4:3A:B6:CD:58:07
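
In this example, the keystore contains two certificates with the key aliases "tss_clientcert" and "serverkey". Based on these results, use the same name for the "keyalias" parameter in the server.xml file (located in the \tomcat\conf\ folder). Only an alias listed as PrivateKeyEntry ("serverkey" here) identifies a key entry; a trustedCertEntry such as "tss_clientcert" holds a certificate without a private key.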
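
The check described above can be scripted against saved keytool output. The following is an added example, not part of the original article or of TIBCO's tooling: it parses a `keytool -list` listing and reports whether a configured alias exists and is a PrivateKeyEntry. The function names and the alias "spotfire" are hypothetical.

```python
import re

# Sample input: the keytool -list output shown in the article above.
SAMPLE = """\
Keystore type: JKS
Keystore provider: SUN

Your keystore contains 2 entries

tss_clientcert, 2019-dec-16, trustedCertEntry,
Certificate fingerprint (SHA1): 9E:06:B5:8F:69:BF:D4:E0:EA:7F:E7:EC:F9:04:51:0B:12:7A:5B:46

serverkey, 2019-dec-16, PrivateKeyEntry,
Certificate fingerprint (SHA1): 4E:7F:41:40:81:02:B0:C4:16:53:B1:DF:39:FF:D4:3A:B6:CD:58:07
"""

# "<alias>, <date>, <entry type>," where the date may itself contain a comma
# (for example "Dec 16, 2019" in an English locale).
ENTRY = re.compile(r"^(?P<alias>.+?), (?P<date>.+), (?P<type>\w+Entry),$")
FPRINT = re.compile(r"^Certificate fingerprint \((?P<alg>[^)]+)\): (?P<fp>[0-9A-Fa-f:]+)$")

def parse_keytool_list(text):
    """Return {alias_lowercased: {"type", "date", "fingerprint"}}."""
    entries, current = {}, None
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            current = {"type": m["type"], "date": m["date"], "fingerprint": None}
            entries[m["alias"].lower()] = current  # JKS aliases are case-insensitive
            continue
        m = FPRINT.match(line.strip())
        if m and current is not None:
            current["fingerprint"] = (m["alg"], m["fp"])
    return entries

def check_key_alias(entries, alias):
    """Classify an alias as 'ok', 'missing' or 'not-a-key-entry'."""
    entry = entries.get(alias.lower())
    if entry is None:
        return "missing"
    if entry["type"] != "PrivateKeyEntry":
        return "not-a-key-entry"  # e.g. a trustedCertEntry: certificate only
    return "ok"

if __name__ == "__main__":
    entries = parse_keytool_list(SAMPLE)
    for alias in ("serverkey", "tss_clientcert", "spotfire"):  # "spotfire" is made up
        print(f"{alias}: {check_key_alias(entries, alias)}")
```

Both "missing" and "not-a-key-entry" correspond to an alias that does not identify a key entry in the keystore.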
 

Additional Information

Doc: Configuring HTTPS
KB: 000036920 Error "Alias name does not identify a key entry"