Hi Folks!
Planning to have my appliances replaced by new ones, I need to export the current in-place certificates (console & virtual host).
I have the JKS webserver-identity.jks, and tried to export into p12 format, but now I can't import it back into the OC of my freshly installed appliance.
It complains about the password, but I'm sure it's the right one.
Does anyone know what the problem could be?
Kind Regards,
David
The /opt/rsa/am/server/logs/ops-console.log should have the reason, which is not that you did not type the correct password but probably something like the password was encrypted with RC2 so is not FIPS compliant.
When you exported the cert as a P12 per our instructions (000017517 - Export a custom certificate with the private key from an RSA Authentication Manager 8.x server), you need the private key password, which will be included in the P12. The default settings encrypt the private key password with RC2, which is the likely cause of your problem, and is documented in this KB: 000034200 - Importing an SSL console certificate PKCS#12 file to the RSA Authentication Manager 8.2 Operations Console fails with password incorrect.
So if this is your problem (check the ops-console.log), you need a way to encrypt the private key with a FIPS compliant cipher.
The work-around in the 34200 KB has some syntax for manipulating the P12 with openssl, but Key explore probably also allows for this.
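One way to check a P12 for RC2 and re-encrypt it with openssl, as an added example that is not part of the posts above or of the RSA KB articles. The function names, the `P12_PASS` environment variable and the AES-256-CBC default are assumptions; take the cipher the Operations Console accepts from KB 000034200.

```shell
#!/bin/sh
# Added example. Assumes the P12 password is exported as P12_PASS so it
# never appears on the command line or in shell history.

# Print the MAC and PBE algorithms of a PKCS#12 file without dumping keys.
# OpenSSL 3.x only decrypts RC2 with the legacy provider, hence the
# fallback to -legacy (a flag that OpenSSL 1.1.1 does not have or need).
p12_info() {
    openssl pkcs12 -info -noout -nodes -in "$1" -passin env:P12_PASS 2>&1 ||
        openssl pkcs12 -legacy -info -noout -nodes -in "$1" -passin env:P12_PASS 2>&1
}

# Succeeds (exit 0) when any bag in the file is protected with RC2.
p12_uses_rc2() {
    p12_info "$1" | grep -qi 'RC2'
}

# Re-encrypt IN to OUT using CIPHER (default AES-256-CBC, an assumption)
# for both the key bag and the certificate bag, with a SHA-256 MAC.
# Usage: p12_reencrypt IN.p12 OUT.p12 [CIPHER]
# Runs in a subshell so the umask, variables and trap stay local.
p12_reencrypt() (
    cipher="${3:-AES-256-CBC}"
    umask 077                       # the temporary PEM holds the private key
    pem="$(mktemp)" || exit 1
    trap 'rm -f "$pem"' EXIT        # remove the cleartext key on any exit
    openssl pkcs12 -in "$1" -nodes -passin env:P12_PASS -out "$pem" 2>/dev/null ||
        openssl pkcs12 -legacy -in "$1" -nodes -passin env:P12_PASS -out "$pem" ||
        exit 1
    # The friendly name (alias) is not carried over; add -name if one is needed.
    openssl pkcs12 -export -in "$pem" -out "$2" -passout env:P12_PASS \
        -keypbe "$cipher" -certpbe "$cipher" -macalg sha256
)
```

Run `p12_uses_rc2` on the exported file first; if it reports RC2, `p12_reencrypt` writes a new file under the same password and `p12_info` on the result shows the new algorithms.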