E-SSL: Not Receiving PrivateKeyEntry When Validating Keystore Entry, Getting keyEntry Instead
(Doc ID 2247321.1)
Last updated on NOVEMBER 13, 2019
Applies to: PeopleSoft Enterprise PT PeopleTools - Version 8.48 and later
Information in this document applies to any platform.
When configuring SSL in our PeopleSoft Weblogic environment, we were using the pdf (Install-or-Renew-WebLogic-SSL-Certificate.pdf) associated with KM Note:
On page 18, Part # 3, point 6, it is advised to check that the new signed certificate was imported properly into the pskey keystore as follows:
6. Validate keystore entry: This step is optional, but if you wish to view the new certificate entry in the WebLogic keystore, you can do so using this command:
pskeymanager -list -verbose -alias peoplesoft (replace “peoplesoft” with your alias name)
The above command will show detailed information for the certificate that you imported. The beginning of the output will look something like this:
Alias name: peoplesoft
Creation date: May 20, 2013
Entry type: PrivateKeyEntry
Certificate chain length: 2
Owner: CN=peoplesoft.oracle.com, OU=Oracle Support, O=Oracle, L=Pleasanton, ST=California, C=US
Issuer: CN=PeopleTools TEST root CA, DC=peoplesoft, DC=com, OU=PeopleTools Development, O=PeopleSoft Inc, L=Pleasanton, ST=CA, C=US
Serial number: 364c9410000000001f6d
Valid from: Mon May 20 09:54:10 PDT 2013 until: Tue May 20 10:04:10 PDT 2014
The main items to check are:
Entry type: Entry type should be value “PrivateKeyEntry”. If it shows another value such as “trustedCertEntry”, then something went wrong and you need to restore pskey (to get back to where it was at beginning of “Part 3”) and start over.
But when we tried that command, we got this:
Creation date: Mar 16, 2017
Entry type: keyEntry
Certificate chain length: 3
Owner: CN=fststapp854.abc.com, OU=it, O=Information Center, L=Tucson, ST=Arizona, C=US
Issuer: CN=TMCPCASUB1, DC=it, DC=it, DC=com
Serial number: 17ce44f60002000005a7
Valid from: 3/15/17 8:16 AM until: 8/31/18 4:03 PM
As you see, my Entry Type is "keyEntry" instead. Does that mean we did not import the signed certificate properly?
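The entry-type check described in the guide can be scripted over the verbose listing text. The following is an added example, not part of the Oracle document or the referenced PDF; the function names, the verdict labels and the `rootca-example` alias are assumptions, and the sample listing is constructed from the two outputs quoted above. Any entry type other than the two the guide names is reported as "review" and is not judged.

```shell
#!/bin/sh
# Added example: classify entries in verbose keystore listing text read on stdin.
# Output, one line per entry: alias|entry type|chain length|verdict
#   ok        = PrivateKeyEntry (the value the guide expects)
#   cert-only = trustedCertEntry (the failure case the guide names)
#   review    = any other value, reported verbatim for manual review
classify_entries() {
    awk '
    function emit() {
        if (type == "") return
        if (type == "PrivateKeyEntry")       verdict = "ok"
        else if (type == "trustedCertEntry") verdict = "cert-only"
        else                                 verdict = "review"
        printf "%s|%s|%s|%s\n", (alias == "" ? "?" : alias), type, (chain == "" ? "-" : chain), verdict
        alias = ""; type = ""; chain = ""
    }
    { sub(/\r$/, "") }   # tolerate CRLF listings saved on Windows
    /^Alias name:/ { emit(); sub(/^Alias name:[ \t]*/, ""); alias = $0; next }
    /^Entry type:/ { if (type != "") emit(); sub(/^Entry type:[ \t]*/, ""); type = $0; next }
    /^Certificate chain length:/ { sub(/^Certificate chain length:[ \t]*/, ""); chain = $0; next }
    END { emit() }
    '
}

# Constructed sample: the two listings quoted above (the second has no alias
# line, as on the page) plus a hypothetical trusted-certificate entry.
sample_output() {
    cat <<'EOF'
Alias name: peoplesoft
Creation date: May 20, 2013
Entry type: PrivateKeyEntry
Certificate chain length: 2

Creation date: Mar 16, 2017
Entry type: keyEntry
Certificate chain length: 3

Alias name: rootca-example
Creation date: Mar 16, 2017
Entry type: trustedCertEntry
EOF
}

sample_output | classify_entries
```

To check a real keystore, save the listing produced by the command above to a file and redirect that file into `classify_entries`.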