This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Information about SSL certificate

Bharadwaj
New Contributor III
New Contributor III

‎07/03/2023 11:12 AM

Hi,
 
We are using one connector which uses SSL authentication. The certificate was expired and we would like to have the new certificate uploaded to the keystore. We have received the certificate in three formats (.cer, .crt & .p12 ). 
 
We tried uploading .cer & crt certificates using the UI functionality and restarted the servers and updated the connectionjson with the password provided. However, we are getting the below mentioned error:
 
java.io.IOException: Keystore was tampered with, or password was incorrect
 
We were unable to upload .p12 format certificate because of the UI limitation. Do we need to upload the .p12 certificate to the Keystore (/opt/sharedappdrive/saviynt/security/cacerts).
 
Please let me know.
 
Thanks!
Labels:
0 Kudos
3 REPLIES 3

rushikeshvartak
All-Star
All-Star

‎07/03/2023 08:33 PM

.cer certificate should resolve your error. Can you raise FD ticket to upload certificate into Keystore and restart server


Regards,
Rushikesh Vartak
0 Kudos

Bharadwaj
New Contributor III
New Contributor III
In response to rushikeshvartak

‎07/05/2023 02:52 AM

Hi,

We got the certificate uploaded from backend, but the issue has not been resolved. We tried both the ways, mentioned below:

1. Uploaded .cer certificate - did not work.

2. Uploaded .p12 certificate - did not work.

Any idea of what could be the keyFilePassword that is available in the connection json?

 

ConnectionJson for reference:

{

"authentications": {

"userAuth": {

"authType": "oauth2",

"url": "https://xxxxxx/xxxx/xxx/xx",

"httpMethod": "GET",

"httpParams": {

"grant_type": "client_cert"

},

"httpContentType": "application/x-www-form-urlencoded",

"ssl": {

"keyFile": "/opt/sharedappdrive/saviynt/security/cacerts",

"keyFilePassword": "<Provided Password of the certificate>",

"keyManagerAlgorithm": "SunX509",

"keyStoreType": "JKS",

"sslAlgorithmName": "TLSv1.2"

},

"httpHeaders": {},

"retryFailureStatusCode": [

401,

403

],

"expiryError": "ExpiredAuthenticationToken",

"authError": [

"SESSION_NOT_VALID",

"AuthenticationFailed",

"ExpiredJwtException",

"401 Unauthorized"

],

"timeOutError": "Read timed out",

"errorPath": "code",

"maxRefreshTryCount": 6,

"tokenResponsePath": "access_token",

"tokenType": "",

"accessToken": "asdfghjkl",

"testConnectionParams": {

"http": {

"url": "https://xxxxxx/xxxx/xxx/xx",

"httpContentType": "application/x-www-form-urlencoded",

"httpMethod": "GET",

"httpParams": "{\"grant_type\":\"client_cert\"}",

"httpHeaders": {},

"ssl": {

"keyFile": "/opt/sharedappdrive/saviynt/security/cacerts",

"keyFilePassword": "<Provided Password of the certificate>",

"keyManagerAlgorithm": "SunX509",

"keyStoreType": "JKS",

"sslAlgorithmName": "TLSv1.2"

}

},

"errors": [

"Invalid token provided",

"Unauthorized",

"Exception occurred",

"Error"

],

"errorPath": "html.head.title"

}

}

}

}

 

Thanks!

0 Kudos

Bharadwaj
New Contributor III
New Contributor III
In response to Bharadwaj

‎07/24/2023 03:05 AM

Hi,

Are you aware of the versions that Saviynt accepts? We have .p12 and .pem version available? Please let us know. @rushikeshvartak 

 

Thanks!

0 Kudos
Copyright © 2023 Khoros, LLC