Question
LTIMindtree
SA
Last activity: 8 Jun 2023 5:46 EDT
How to Install DigiCert Root G4 Certificate in Kubernetes Environment
As per CAD-A612, if you received a DL after May 25th, 2023, you may be unable to install it using Hotfix Manager due to the following error:
Signature verification failed for DL-24416_INC-269366.zip: Failed to verify signatures: Could not find the root CA for the certificate chain. Expected to find this root certificate: 'CN=DigiCert Trusted Root G4, OU=www.digicert.com, O=DigiCert Inc, C=US'.
In this scenario, the Pega JVM is likely using a custom Truststore which must be updated with ‘digicert trusted root g4’ as explained in the original CAD.
Please share with me the references for installing the DigiCert Root G4 Certificate in a Pega Kubernetes environment.
@Kishore Sanagapalli
Pega Article to Fix the Issue: Verifying hotfix authenticity by using a Pega Keystore
Keytool Commands to generate the Keystore and Trust store .jks files.
keytool -genkey -alias <alias-Name> -keyalg RSA -keysize 2048 -keypass <password> -keystore <keystore-Name>.jks -storepass <Same-Password>
keytool -export -alias <alias-Name> -file <Same-Alias-Name> -keystore <same-keystore-name>.jks -storepass <Same-Password>
keytool -import -alias <alias-Name> -file DigiCertTrustedRootG4.cer -keystore <trust-store-name>.jks -storepass <Same-Password>
Conversion of Certificate file from one format to another:
Need to convert .cer file to .crt
openssl x509 -outform der -in DigiCertTrustedRootG4.crt.pem -out DigiCertTrustedRootG4.crt
If OpenSSL is not available on your machine,
open Windows PowerShell in Admin Mode and run the command: choco install openssl
Additional Pega References:
URLs to generate the .jks files
1. https://docs.pega.com/security/86/creating-keystorejks-and-truststorejks-files
Adding the .jks files to Pega Platform
2. https://docs.pega.com/security/86/uploading-keystore-and-truststore-files
Creating Key Store Files
3. https://community.pega.com/sites/default/files/help_v83/procomhelpmain.htm#data-/data-admin-/data-admin-security-/data-admin-security-keystore/main.htm#_____________Keystores
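Added example (not part of the original post or of Pega's documentation): importing a root into a truststore is a trust decision, so the certificate file should be checked against the fingerprint the CA publishes before running keytool -import. The sketch below shows that the file extension (.cer, .crt, .pem) does not determine the encoding and that the SHA-256 fingerprint is taken over the DER bytes either way. The function names and the sample bytes are constructed for illustration, and the pinned value is a placeholder to be replaced with the fingerprint obtained from the CA.

```python
import hashlib
import ssl

PEM_HEADER = b"-----BEGIN CERTIFICATE-----"

def to_der(data: bytes) -> bytes:
    """Return DER bytes whether the file content is PEM or DER encoded."""
    text = data.lstrip()
    if text.startswith(PEM_HEADER):
        # PEM is base64 of the DER bytes wrapped in BEGIN/END lines.
        return ssl.PEM_cert_to_DER_cert(text.decode("ascii"))
    if data[:1] == b"\x30":  # a DER certificate starts with an ASN.1 SEQUENCE tag
        return data
    raise ValueError("content is neither a PEM nor a DER certificate")

def sha256_fingerprint(data: bytes) -> str:
    """SHA-256 over the DER bytes, colon-separated like keytool -list -v prints."""
    digest = hashlib.sha256(to_der(data)).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))

def matches_pin(data: bytes, pinned: str) -> bool:
    """Compare the file's fingerprint with the value obtained from the CA."""
    def normalise(value: str) -> str:
        return value.replace(":", "").replace(" ", "").upper()
    return normalise(sha256_fingerprint(data)) == normalise(pinned)

# Constructed stand-in bytes (a SEQUENCE header plus filler), NOT a real certificate.
SAMPLE_DER = bytes([0x30, 0x82, 0x00, 0x10]) + bytes(range(16))
SAMPLE_PEM = ssl.DER_cert_to_PEM_cert(SAMPLE_DER).encode("ascii")

# Placeholder pin: in real use, paste the SHA-256 fingerprint published by the CA.
PINNED_FINGERPRINT = sha256_fingerprint(SAMPLE_DER)

if __name__ == "__main__":
    for label, content in (("PEM", SAMPLE_PEM), ("DER", SAMPLE_DER)):
        print(label, sha256_fingerprint(content),
              "OK" if matches_pin(content, PINNED_FINGERPRINT) else "MISMATCH")
```

After the import, the fingerprint that keytool -list -v reports for the alias in the truststore can be compared with the same pinned value.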