000015377 - Updating the certificate for a jks store and verifying the contents using keytool

Document created by RSA Customer Support Employee on Jun 14, 2016
Last modified by RSA Customer Support Employee on Apr 22, 2017
Version 2

Article Content

Article Number: 000015377
Issue: Updating the certificate for a jks store and verifying the contents using keytool

SSO top-level profile exception: , com.rsa.fim.profile.sso.SSOProfileException: Error signing assertion: util.crypto.dsig.error.sign: null


Caused by: com.rsa.fim.exception.CryptoUtilException: util.crypto.dsig.error.sign: null at com.rsa.fim.util.crypto.DSigHelper.sign(DSigHelper.java:124)

Resolution

When replacing the certificate for an existing private key, keytool overwrites the existing certificate with the new certificate. This is true for either a self-signed certificate or a certificate that has been signed by a CA.

To list the certificates, enter the command "keytool -list -v -keystore mykeystore.jks"

If the private key is in the keystore, the entry reports "Entry type: keyEntry", whereas if the private key is not present it reports "Entry type: trustedCertEntry"

The certificate is matched to the private key by alias, so before importing the certificate response from the CA make sure the alias value is correct.

To import the certificate reply from the CA with the signed certificate run "keytool -import -alias mykey -trustcacerts -file myjks.cer -keystore mykeystore.jks"

If the alias is matched to the private key during the import you will see this message: "Certificate reply was installed in keystore"
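The alias check described above can be scripted before running the import. This is an added example, not part of the original article or RSA's tooling: the function names and the sample listing are constructed for illustration, and it also accepts "PrivateKeyEntry", the label newer JDK keytool versions print for a key entry.

```shell
#!/bin/sh
# Constructed sample of `keytool -list -v` output (not from a real keystore).
SAMPLE_LISTING='Keystore type: JKS
Your keystore contains 2 entries

Alias name: mykey
Creation date: Jun 14, 2016
Entry type: keyEntry
Certificate chain length: 1
Owner: CN=sso.example.test, O=Example
Issuer: CN=sso.example.test, O=Example

Alias name: exampleca
Creation date: Jun 14, 2016
Entry type: trustedCertEntry
Owner: CN=Example Test CA, O=Example
Issuer: CN=Example Test CA, O=Example
'

# entry_type ALIAS: read a listing on stdin, print the entry type stored under ALIAS.
# JKS aliases are case-insensitive, so compare in lower case. Exit 1 if ALIAS is absent.
entry_type() {
    awk -v want="$1" '
        /^Alias name: / { alias = substr($0, 13) }
        /^Entry type: / { if (tolower(alias) == tolower(want)) { print substr($0, 13); found = 1; exit } }
        END             { if (!found) exit 1 }
    '
}

# can_take_reply ALIAS: succeed only when ALIAS holds a private key, so that importing
# the CA reply under it replaces that key's certificate.
# Returns 0 = key entry, 1 = alias exists without a private key, 2 = alias not found.
can_take_reply() {
    t=$(entry_type "$1") || { echo "alias '$1' not found in keystore"; return 2; }
    case "$t" in
        keyEntry|PrivateKeyEntry) echo "alias '$1' is $t: reply will replace its certificate"; return 0 ;;
        *) echo "alias '$1' is $t: no private key under this alias"; return 1 ;;
    esac
}

# Real use: keytool -list -v -keystore mykeystore.jks | can_take_reply mykey
printf '%s' "$SAMPLE_LISTING" | can_take_reply mykey
```

Run the same check again after the import to confirm the alias is still a key entry and not a new trustedCertEntry.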

Workaround: Certificate was renewed and the private key is unchanged.
Notes: The jks store can contain entry types of trustedCertEntry and keyEntry. The keyEntry type represents a certificate for which you have the private key, and the trustedCertEntry represents a certificate for which you only have the public key.
Legacy Article ID: a49650
