IBM Support

Which keycert gets used for clients of Sterling External Authentication Server?

Technical Blog Post


Abstract

Which keycert gets used for clients of Sterling External Authentication Server?

Body

This article answers the question for Windows. On Unix, use / instead of \ in directory paths and look for .sh instead of .bat, for example stopSeas.sh.

SEAS=Sterling External Authentication Server

The SEAS clients under {SEAS_INSTALL}/bin, such as cli.bat, stopSeas.bat, and configureAccepter.bat, all
use the same keycert that the SEAS server uses. You can discover the configured keycert for SEAS
by running the SEASCipherConfigTool utility. The SEAS server keycert is placed in {SEAS_INSTALL}/conf/system/keystore; likewise,
the trusted certificates are kept in {SEAS_INSTALL}/conf/system/truststore. Once the keycert has been
inserted into {SEAS_INSTALL}/conf/system/keystore, you can use the tool below to select which
keycert in {SEAS_INSTALL}/conf/system/keystore is used. The SEAS GUI has a mechanism for
configuring it with the keystore and truststore to use for TLS connections.

****************************************************************************************************************************************
c:\SEAS2430-20161114-MAINT-BUILD88\bin>SEASCipherConfigTool.bat -help

Enter the system passphrase:


Loading configuration files...
Usage: SEASCipherConfigTool <switch> [options]

Switch:
  -u Update configuration
  -s Show configuration
  -p display the supported TLS protocols for SEAS
  -c display the supported Ciphersuites for specified TLS protocol
  -h Show usage (this message)

Options:
-u options:
   eaSslProtocol=TLS protocol version to use for TLS communication
   eaServerAlias=Key certificate alias for SEAS server TLS
   eaClientAlias=Key certificate alias for SEAS client TLS
   eaCiphers=<list> Cipher suites for SEAS
      Separate cipher suites with commas, colons, or semicolons.
-c options:
   protocol=<protocol> TLS protocol for which its supported ciphers need to be displayed

      Supported TLS versions for SEAS : SSLv3, TLSv1,  TLSv1.1, or TLSv1.2; TLSv1.1; TLSv1; TLSv1.2; SSLv3

Supported SEAS Ciphersuites for TLS version : TLSv1
      TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
      TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
      TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
      TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
      TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
      TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
      TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
      TLS_ECDHE_RSA_WITH_RC4_128_SHA
      TLS_RSA_WITH_AES_256_CBC_SHA
      TLS_RSA_WITH_AES_128_CBC_SHA
      TLS_RSA_WITH_3DES_EDE_CBC_SHA
**************************************************************************************************************************************************

c:\SEAS2430-20161114-MAINT-BUILD88\bin>SEASCipherConfigTool.bat -s
IBM Sterling External Authentication Server V2.4.3.0
Copyright (c) 2016 IBM

Enter the system passphrase:


Loading configuration files...

EA Server SSL configuration:
  SSL/TLS protocol   : (unspecified)
  Cipher suites      : [TLS_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_3DES_EDE_CBC_SHA]
  Key store file     : ../conf/system/keystore
  Trust store file   : ../conf/system/truststore
  Server alias       : (unspecified)
  Client alias       : (unspecified)

c:\SEAS2430-20161114-MAINT-BUILD88\bin>
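
The -s report above is where the configured server and client aliases show up. The following Python script is an added example, not IBM's code and not part of the original post: it parses that report, lists the fields left unspecified together with the -u option from the usage text that sets each one, and flags RC4 or 3DES suites that are still enabled. The function names and the embedded sample text are constructed for this example.

```python
import re

# Constructed sample: the settings block of the `-s` report shown above,
# embedded so the script runs offline.
SAMPLE = """\
EA Server SSL configuration:
  SSL/TLS protocol   : (unspecified)
  Cipher suites      : [TLS_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_3DES_EDE_CBC_SHA]
  Key store file     : ../conf/system/keystore
  Trust store file   : ../conf/system/truststore
  Server alias       : (unspecified)
  Client alias       : (unspecified)
"""

# Option names taken from the tool's "-u options" usage text.
UPDATE_PARAM = {
    "SSL/TLS protocol": "eaSslProtocol",
    "Server alias": "eaServerAlias",
    "Client alias": "eaClientAlias",
}
LEGACY = ("_RC4_", "_3DES_")  # RC4 and 3DES suites are deprecated for TLS


def parse_show_output(text):
    """Return {field: value} from the indented 'name : value' report lines."""
    config = {}
    for line in text.splitlines():
        m = re.match(r"^\s+(.+?)\s*:\s(.*)$", line)
        if m:
            config[m.group(1)] = m.group(2).strip()
    suites = config.get("Cipher suites", "").strip("[]")
    config["Cipher suites"] = [s.strip() for s in suites.split(",") if s.strip()]
    return config


def audit(config):
    """List fields left unspecified and legacy cipher suites still enabled."""
    findings = []
    for field, param in UPDATE_PARAM.items():
        if config.get(field, "(unspecified)") == "(unspecified)":
            findings.append(f"{field} is unspecified; set it with -u {param}=<value>")
    for suite in config["Cipher suites"]:
        if any(tag in suite for tag in LEGACY):
            findings.append(f"legacy cipher suite enabled: {suite}")
    return findings


if __name__ == "__main__":
    for finding in audit(parse_show_output(SAMPLE)):
        print(finding)
```

To check a live installation, save the output of SEASCipherConfigTool -s to a file and pass its contents to parse_show_output.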


UID

ibm11123539