Correct keystore.jceks and truststore location for CDM OpenIDM?

Tagged: ,

This topic has 0 replies, 1 voice, and was last updated 3 months, 3 weeks ago by ssd.

  • Author
    Posts
  • #27258
     ssd
    Participant

    I’m trying to use a previous (4.5) keystore.jceks and truststore (required for a data migration) in a 6.5.0.2 deployment via CDM. But I see 2 locations in the deployed openidm pod:

    • /opt/openidm/security/{keystore.jceks,truststure} – from my docker image
    • /opt/openidm/secret/{keystore.jceks,truststure} – mounted from a k8s secret

    After placing my truststore and keystore.jceks in the helm/openidm/secrets dir and doing a helm install, openidm errors off with:

    java.io.IOException: Keystore was tampered with, or password was incorrect
    ...
    java.io.IOException: Can't open boot keystore
    ...
    Caused by: java.security.KeyStoreException: Exception trying to fetch key with alias dsameUserPwd
    ...

    and more errors that seem to spawn from this.

    Which location is openidm actually using? I’ve verified that the password in boot.properties can list the contents of each store.

    Previous version is 4.5. Is there more I need to do beyond copying the 2 store files?

Viewing 1 post (of 1 total)

You must be logged in to reply to this topic.

©2020 ForgeRock - we provide an identity and access platform to secure every online relationship for the enterprise market, educational sector and even entire countries. Click to view our privacy policy and terms of use.

Log in with your credentials

Forgot your details?