Product: TIBCO Spotfire®
How to check the list of certificates present in the keystore used while enabling HTTPS on your TIBCO Spotfire Server
When configuring the TIBCO Spotfire Server to use HTTPS, there may be discrepancies between the certificates in the keystore and the server configuration settings. You can use the command described in this article to list all of the certificates stored in the keystore that is used. There are cases where you might not know the exact certificateKeyAlias that is stored in the keystore or that you are using a different certificate, all of which can cause issues when configuring HTTPS.
For example, this command can also help you solve the "Alias name[certificate_alias_name] does not identify a key entry" error seen in catalina.log as described in KB article 000036920. Use the following command to list all certificates stored in the specified keystore:
<install directory>\jdk\bin\keytool -list -keystore <install directory>\tomcat\certs\spotfireserver.jksWhere <install directory> is updated with the appropriate path in your installation.
> C:\tibco\tss\7.11.0\jdk\bin\keytool -list -keystore C:\tibco\tss\7.11.0\tomcat\certs\spotfireserver.jks Returns: Keystore type: JKS Keystore provider: SUN Your keystore contains 2 entries tss_clientcert, 2019-dec-16, trustedCertEntry, Certificate fingerprint (SHA1): 9E:06:B5:8F:69:BF:D4:E0:EA:7F:E7:EC:F9:04:51:0B:12:7A:5B:46 serverkey, 2019-dec-16, PrivateKeyEntry, Certificate fingerprint (SHA1): 4E:7F:41:40:81:02:B0:C4:16:53:B1:DF:39:FF:D4:3A:B6:CD:58:07In this example, we see there are two certificates with the keyaliases "tss_clientcert" and "serverkey". Based on these results you should use the same name for the "keyalias" parameter in the server.xml file (located in \tomcat\conf\ folder).
Doc: Configuring HTTPS
Article is closed for comments.