I’m running an IBM Spectrum Protect Operations Centre server using a wildcard certificate. The Spectrum Protect server is actually running WebSphere Liberty server under the hood. WebSphere Liberty requires a pkcs12 certificate, which I’ve been using without problem for six months or so. That is: I’ve converted Let’s Encrypt wildcard certificates twice and successfully imported them into Liberty. Until the last update I did yesterday, where the procedure I have been using generates an error.
I have Let’s Encrypt installed on a Linux box and performed the update as usual using:
/usr/local/bin/certbot -d *.domain.net --server https://acme-v02.api.letsencrypt.org/directory --manual --preferred-challenges dns certonly
The webserver on the Linux box is working fine with the newly updated cert.
To convert for pkcs12 to be imported into the WebSphere Liberty server, I issue the following command (which is the same command I’ve used twice before with no problem):
openssl pkcs12 -export -out keystore.p12 -inkey privkey.pem -in fullchain.pem -name "default" -password pass:password
This generates a keystore.p12 file, which I copy over to the WebSphere server and import using the Java keystore, using the following process:
Open “ikeyman” (IBM key Manager java gui)
Open the “gui-truststore.jks” file - the WebSphere Liberty server’s key database
Delete the old “default” cert
Import the new keystore.p12 file as “default” cert
The new “default” certificate is highlighted in yellow; when I click on “validate” it says “warning: validation failed: Missing intermediate or root certificate”
I have updated Spectrum Protect (and consequently WebSphere Liberty); however, this was with a previous version of the certificate made with the same process and everything continued working just fine, until this update.
From searching around the internet, it appears that I’m using the correct method to convert the Let’s Encrypt supplied files into a pkcs12, but TBH encryption is one of the few areas in IT where I’m at a loss knowledge-wise, so I’m just not sure if I’m asking the right questions.
Does anyone have any ideas?
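A diagnostic for the "Missing intermediate or root certificate" warning, added here as an example and not part of the original post: it lists the subject and issuer of every certificate in fullchain.pem or keystore.p12 and prints each issuer that is not itself in the file, which is the CA certificate the key database has to hold separately. The function names and the sample chain are constructed for illustration; certbot's fullchain.pem normally carries the leaf and intermediates but not the root.

```shell
#!/bin/sh
# Usage:  chain_lines fullchain.pem | missing_issuers
#         chain_lines keystore.p12 password | missing_issuers

# Print "subject=" / "issuer=" lines for every certificate in a PEM bundle
# or a PKCS#12 file (second argument: the export password).
chain_lines() {
  case "$1" in
    *.p12|*.pfx)
      # -nokeys: dump certificates only; the bag header of each one
      # includes its subject= and issuer= lines.
      openssl pkcs12 -in "$1" -nokeys -passin "pass:$2" | grep -E '^(subject|issuer)='
      ;;
    *)
      # Wrap the whole PEM bundle in a PKCS#7 structure so that every
      # certificate in it is printed, not only the first one.
      openssl crl2pkcs7 -nocrl -certfile "$1" \
        | openssl pkcs7 -print_certs -noout | grep -E '^(subject|issuer)='
      ;;
  esac
}

# Read subject=/issuer= lines on stdin and print each issuer name that never
# appears as a subject, i.e. a CA certificate that is absent from the file.
# A self-signed root names itself as issuer, so it is never reported.
missing_issuers() {
  awk '
    /^subject=/ { s = $0; sub(/^subject= */, "", s); seen[s] = 1 }
    /^issuer=/  { i = $0; sub(/^issuer= */, "", i); issuers[++n] = i }
    END {
      for (k = 1; k <= n; k++)
        if (!(issuers[k] in seen) && !(issuers[k] in shown)) {
          shown[issuers[k]] = 1
          print issuers[k]
        }
    }'
}

# Constructed sample (not real output): a leaf plus one intermediate,
# with the root left out of the bundle.
sample_chain() {
  cat <<'EOF'
subject=CN = *.domain.net
issuer=CN = Example Intermediate CA
subject=CN = Example Intermediate CA
issuer=CN = Example Root CA
EOF
}
```

Any name printed has to exist as a signer certificate in the key database for validation to succeed; empty output means the file already contains its complete chain.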