How to install SSL certificate as the domain is going to expire

Which IIQ version are you inquiring about?

Version 8.2

Share all details related to your problem, including any error messages you may have received.

Hi,

We are trying to install the SSL certificate. But when we try to check in Tomcat, nothing is found regarding the SSL certificate, and we are also unable to locate the existing certificate.
Can you please help us with what we should do in such cases and how we install the SSL certificate?

Regards
Amit

Hi @ayadav_12 ,

Is your Tomcat instance(s) on Windows or Linux server(s)? Are you trying to renew the existing SSL certificate due to its expiration date, or installing it for the first time?

I believe the following article could provide more insights on it: Securing SailPoint deployed on Tomcat server - Compass. Your key file is called ‘server.xml’ in your Tomcat directory and your key word is ‘keystoreFile’ (will lead you to the keystore where the SSL certificate is stored/will be stored).

Hope this helps.

Hi @gentjan_kocaqi ,

Thank you for your reply. We are renewing the certification due to expiration. We have checked the server.xml file and the details were commented out for the configurations.
Is it configured at the load balancer level or network load balancer level, and how can we check that? Kindly please help.

Regards
Amit

Are you using HTTPS to access the IIQ URL? It’s possible that those keystore entries are in the Tomcat executable file under JAVA_OPTIONS; have you checked there? If it’s not even there, then please look at the Tomcat guide to enable SSL. You should be able to find helpful references on Compass too.

1 Like

Hi,

We checked that we are updating the SSL certificate in Azure in application proxy. We are having an issue with generating the .pfx certificate file from the SailPoint server, assuming we already have the new certificate which doesn’t require the CSR. Please help us with how we can generate the .pfx cert file. Also, we have tried to export from certlm.msc -> Personal, but the .pfx option is still disabled. Please help us with this on priority.

Regards
Amit

Hi,

Can anyone please help with this?

Regards
Amit

Hi Amit, can I know what is the issue with generating CSR and please elaborate on “assuming we already have the new certificate which doesn’t require the CSR”?

Hi Muhammad,

We didn’t generate the CSR as we already have the new certificate. The issue we have is that we want the certificate in .pfx format and we were unable to do it through our SailPoint server. Is there a way that we can convert this certificate into .pfx format?

Regards
Amit

You will need a third-party app to generate the cert from pfx file. We used Key Store Explorer. Remember when generating the SSL cert to name all the domains.

1 Like

I have found the link to help when using the Key Store Explorer app.
KSE Manual - Key Pairs (keystore-explorer.org)

…or, as an alternative, you can make use of the following command (Linux) to convert an SSL certificate to a pfx one:

openssl pkcs12 -export -out new-pfx-cert.pfx -inkey private-key.key -in current-certificate.pem

That said, I am a bit lost about what your architecture is here and where your SailPoint IdentityIQ stands. Good luck.

2 Likes
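
A guarded version of the openssl command from the last reply, added here as an example and not part of the original thread: it builds the PFX only if the private key matches the certificate and the certificate has not expired, and it reads the export password from an environment variable instead of the command line. The function names and the PFX_PASSWORD variable are assumptions of this example, and the private key is assumed to be unencrypted.

```shell
#!/usr/bin/env bash
# Added example: convert a PEM certificate + private key to PFX with pre-checks.
# make_pfx, pubkey_pem and PFX_PASSWORD are hypothetical names for this sketch.

# Print the public key (PEM) found in a certificate or in a private key.
pubkey_pem() {  # usage: pubkey_pem cert|key FILE
  case "$1" in
    cert) openssl x509 -in "$2" -noout -pubkey 2>/dev/null ;;
    key)  openssl pkey -in "$2" -pubout 2>/dev/null ;;
    *)    return 2 ;;
  esac
}

make_pfx() {  # usage: make_pfx CERT.pem KEY.key OUT.pfx
  local cert=$1 key=$2 out=$3 cert_pub key_pub
  # Password comes from the environment so it never shows up in the process list.
  [ -n "${PFX_PASSWORD:-}" ] || { echo "set PFX_PASSWORD first" >&2; return 2; }
  export PFX_PASSWORD

  cert_pub=$(pubkey_pem cert "$cert") || { echo "cannot read certificate: $cert" >&2; return 3; }
  key_pub=$(pubkey_pem key "$key")    || { echo "cannot read private key: $key" >&2; return 3; }

  # A PFX is only usable if this key is the one the certificate was issued for.
  [ "$cert_pub" = "$key_pub" ] || { echo "private key does not match certificate" >&2; return 4; }

  # -checkend 0 exits non-zero when the certificate is already expired.
  openssl x509 -in "$cert" -noout -checkend 0 >/dev/null \
    || { echo "certificate is already expired" >&2; return 5; }

  # The PFX contains the private key: create it readable by the owner only.
  ( umask 077
    openssl pkcs12 -export -out "$out" -inkey "$key" -in "$cert" \
      -passout env:PFX_PASSWORD ) || return 6

  # Read the file back to confirm it opens with the same password.
  openssl pkcs12 -in "$out" -noout -passin env:PFX_PASSWORD 2>/dev/null || return 7
  echo "wrote $out"
}

# Run as a script with the three file names, e.g. the ones used in the post:
#   PFX_PASSWORD=... ./make-pfx.sh current-certificate.pem private-key.key new-pfx-cert.pfx
if [ "$#" -eq 3 ]; then make_pfx "$@"; fi
```

A return code of 4 means the key on hand is not the one belonging to the new certificate, in which case no PFX can be produced from that pair.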