Forum Discussion

Hennepin-JB's avatar
7 years ago

Anyone know what a KeyStore Password file is?

If I want to install my own "3rd Party" certificate for the Web Management Console (aka "the Modern UI"), the documentation at https://www.veritas.com/support/en_US/doc/21733320-132525226-0/v133148073-132525226 says I need to generate a Java Keystore file and a "keystore password file".  

The Java Keystore isn't a big deal, Oracle's documentation on how to create a keystore, give it a password, and store a certificate in it is good enough.  But I can't find anything that leads me to believe that a "keystore password file" is than the figment of the imaginations of several people at Veritas.

Who else has installed a third party certificate for the 8.1.2 modern web UI?  And how did you create the keystore password file?

  • Did you find a solution for creating a password file?

    • Hennepin-JB's avatar
      Hennepin-JB
      Level 3

      Nope, I haven't found a solution on my own.  If I happen to find something, or am provided a solution outside of this forum, I'll post it here.

      • Amol_Nair's avatar
        Amol_Nair
        Level 6

        The keystore password file is just a file containing the password to access JAVA keystore file. It could be any name or extension 

         

        For Example:

        To import the CA certificate I would use the below keytool 

        keytool -importcert -noprompt -trustcacerts  -file certificate.crt -keystore test.jks -storepass password2 -alias testCA

         

        So my password file would be any file which contains the text as  - "password2" in it (without quotes)

        Let me know if you face any issues or need any help with any commands while trying to setup the 3rd party certificates and I can try to help you out

         

  • Am I correct in assuming that your question relates to steps 2 and 3 shown below and the fact that, unless you're specifically familiar with these concepts, "Convert the third-party certificate" & "Create a keystore password file" are not tasks that you can easily perform on your master server unless you know anything about security and certificates? 

    1. Ensure that you have a valid third-party certificate and a matching private key.
    2. Convert the third-party certificate and the private key into a password-protected Java KeyStore file.
    3. Create a keystore password file that contains the password, which can be used to access the Java KeyStore file.

     

    • Hennepin-JB's avatar
      Hennepin-JB
      Level 3

      Yes, that's what I'm asking.  And while it's not somehting I do every day, I'm not a complete noob when it comes to PKI and SSL certificates.  I just don't deal with Java development, so a Keystore is new to me.

      I can do a CSR and get a cert from my local Windows CA, but seriously, try a Google search of "Keystore Password file" there are no relevent search results.

       

      • RiaanBadenhorst's avatar
        RiaanBadenhorst
        Level 6

        Well I am a noob in this domain. My point being that the documentation should be a bit more helpful and not assume that everybody knows everything about everything.