Import Key Certificate with different password using Web Console

You won’t be able to upload a Key certificate with password different than existing key certificate password via IBM® Connect:Direct® Web Service Web Console. If you still want to use those certificates, you have to Import Key Certificate with different passwords. To do this from web console:
  1. Login as an Admin user.
  2. Go to Certificates> Key Certificate> View> Delete all existing Key Certificates from existing Keystore.
  3. Go to Certificates> Key Certificate/Trust Certificate > Import and import new Key Certificate in that Keystore in the same session.
  4. Edit application.properties file and change the value of server.ssl.key-alias property with Certificate Label to be used by Connect:Direct Web Services.
  5. Depending on your environment type, issue one of the following commands:
    • In Windows, stop and start MFTWebservices from the Task manager for changes to take effect.
    • In UNIX, issue the following command to stop and start MFTWebServices for changes to take effect.
    % ./$CDWS_INSTALLATION_DIR$/bin/stopWebservice.sh
    % ./$CDWS_INSTALLATION_DIR$/bin/startWebservice.sh
Alternative approach
If you do not wish to delete the old certificates, rather change their passwords and import the new certificates, follow these steps:
  1. Update the Key Certificate password using following keytool command:
    keytool -keypasswd -Keystore <path_of_Keystore/Truststore_with_name> -alias <key_certificate_alias>
    Enter Keystore password:
    Enter key password for <key_certificate_alias>:
    New key password for <key_certificate_alias>:
    Re-enter new key password for <key_certificate_alias>:
    Password change successful for alias <key_certificate_alias>
    
  2. Run following utility to sync the new password with CDWS:
    java -jar ChangeKeystoreTruststoreAndUpdatePassword.jar
    Enter Admin Password:
    Please Select from below options:
    1. Type K and Enter to Change Keystore OR Sync Keystore Password with CDWS.
    2. Type T and Enter to Change Truststore OR Sync Truststore Password with CDWS.
    3. Type C and Enter to Sync Key Certificate Password with CDWS.
    4. Type Q and Enter to Exit.
    Enter your Choice: K
    Enter the complete path of Keystore: (including fileName(.jks)):
    Enter Keystore Password:
    Confirm Password:
    Keystore details updated successfully
    Press Y to Continue OR Q to Exit:Q
    Exiting the Utility.
    
    Attention: Use the above command to update CDWS with new password if you forgot Keystore/Truststore password. However, you cannot recover Keystore password because of security reasons.
  3. Depending on your environment type, issue one of the following commands:
    • In Windows, stop and start MFTWebservices from the Task manager for changes to take effect.
    • In UNIX, issue the following command to stop and start MFTWebServices for changes to take effect.
    % ./$CDWS_INSTALLATION_DIR$/bin/stopWebservice.sh
    % ./$CDWS_INSTALLATION_DIR$/bin/startWebservice.sh
  4. Follow the steps mentioned in Add/Import a certificate(s) to IBM Connect:Direct Web Service Keystore/ Truststore .