E-SSL: Not Receiving PrivateKeyEntry When Validating Keystore Entry, Getting keyEntry Instead (Doc ID 2247321.1)

Last updated on MARCH 23, 2017

Applies to:

PeopleSoft Enterprise PT PeopleTools - Version 8.48 and later
Information in this document applies to any platform.

Goal

When configuring SSL in our PeopleSoft WebLogic environment, we were using the PDF (Install-or-Renew-WebLogic-SSL-Certificate.pdf) associated with KM Note:

E-SSL: How to Install/Renew an SSL Certificate on WebLogic 10.3.x for PeopleTools 8.51-8.54 (Doc ID 1555672.1)

On page 18, Part # 3, point 6, it is advised to check that the new signed certificate was imported properly into the pskey keystore as follows:

6. Validate keystore entry: This step is optional, but if you wish to view the new certificate entry in the WebLogic keystore, you can do so using this command:

pskeymanager -list -verbose -alias peoplesoft (replace “peoplesoft” with your alias name)

The above command will show detailed information for the certificate that you imported. The beginning of the output will look something like this:

Alias name: peoplesoft
Creation date: May 20, 2013
Entry type: PrivateKeyEntry
Certificate chain length: 2
Certificate[1]:
Owner: CN=peoplesoft.oracle.com, OU=Oracle Support, O=Oracle, L=Pleasanton, ST=California, C=US
Issuer: CN=PeopleTools TEST root CA, DC=peoplesoft, DC=com, OU=PeopleTools Development, O=PeopleSoft Inc, L=Pleasanton, ST=CA, C=US
Serial number: 364c9410000000001f6d
Valid from: Mon May 20 09:54:10 PDT 2013 until: Tue May 20 10:04:10 PDT 2014

The main items to check are:

Entry type: Entry type should be value “PrivateKeyEntry”. If it shows another value such as “trustedCertEntry”, then something went wrong and you need to restore pskey (to get back to where it was at beginning of “Part3”) and start over.

But when we tried that command, we got this:

Alias name: PSOFTSRVR
Creation date: Mar 16, 2017
Entry type: keyEntry
Certificate chain length: 3
Certificate[1]:
Owner: CN=fststapp854.abc.com, OU=it, O=Information Center, L=Tucson, ST=Arizona, C=US
Issuer: CN=TMCPCASUB1, DC=it, DC=it, DC=com
Serial number: 17ce44f60002000005a7
Valid from: 3/15/17 8:16 AM until: 8/31/18 4:03 PM


As you see, my Entry Type is "keyEntry" instead. Does that mean we did not import the signed certificate properly?
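
The validation step quoted above can be scripted. The following is an added example, not part of the Oracle note or the install guide: it parses one alias listing and applies the guide's entry-type rule, flagging any label the guide does not name for manual review rather than guessing. The sample listings are constructed from the outputs quoted on this page, and the function names, the expected_host parameter and the Owner CN comparison are assumptions made for illustration.

```python
import re

# Constructed sample listings, abbreviated from the outputs quoted on this page.
SAMPLE_EXPECTED = """Alias name: peoplesoft
Entry type: PrivateKeyEntry
Certificate chain length: 2
Owner: CN=peoplesoft.oracle.com, OU=Oracle Support, O=Oracle
"""
SAMPLE_REPORTED = """Alias name: PSOFTSRVR
Entry type: keyEntry
Certificate chain length: 3
Owner: CN=fststapp854.abc.com, OU=it, O=Information Center
"""
SAMPLE_TRUSTED = """Alias name: peoplesoft
Entry type: trustedCertEntry
Owner: CN=peoplesoft.oracle.com, OU=Oracle Support, O=Oracle
"""

def parse_listing(text):
    """Extract the fields of interest from one alias listing."""
    def field(label):
        m = re.search(rf"^{re.escape(label)}:\s*(.+?)\s*$", text, re.MULTILINE)
        return m.group(1) if m else None
    cn = re.search(r"CN=([^,]+)", field("Owner") or "")
    chain = field("Certificate chain length")
    return {"alias": field("Alias name"),
            "entry_type": field("Entry type"),
            "chain_length": int(chain) if chain else 0,
            "owner_cn": cn.group(1).strip() if cn else None}

def check_entry(text, expected_host):
    """Return (verdict, reasons); verdict is 'ok', 'review' or 'fail'."""
    e, findings = parse_listing(text), []
    if e["entry_type"] == "trustedCertEntry":
        # The guide's stated failure case: restore pskey and start Part 3 over.
        findings.append(("fail", "entry is trustedCertEntry; restore pskey and redo the import"))
    elif e["entry_type"] != "PrivateKeyEntry":
        # The guide names no other label, so this is left to a human, not guessed.
        findings.append(("review", f"entry type {e['entry_type']!r} is not named by the guide "
                                   f"(chain length {e['chain_length']})"))
    # Assumption (not from the page): the leaf certificate's CN should be the web server host.
    if e["owner_cn"] != expected_host:
        findings.append(("review", f"Owner CN {e['owner_cn']!r} differs from {expected_host!r}"))
    rank = {"ok": 0, "review": 1, "fail": 2}
    verdict = max((v for v, _ in findings), key=rank.get, default="ok")
    return verdict, [msg for _, msg in findings]
```
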

Solution
