Error adding SSLInfo after creating truststore

Not applicable
I have a .p12 file. I converted this this a .pem file.
openssl pkcs12 -in my.p12 -out mynew.pem -passin pass:custpasswo

I then created the trust store with the .pem files created previously
curl -X POST -H "Content-Type: text/xml" -d '<KeyStore name=“my-store"/>' https://api.enterprise.apigee.com/v1/organizations/{myorg}/environments/{mye}/keystores. 

I then uploaded the file 
curl -X POST -H "Content-Type: multipart/form-data" -F file="@mypemfile.pem" https://api.enterprise.apigee.com/v1/organizations/{myorg}/environments/{mye}/keystores/my-store/cer.... 

I added is to my Target definition 
      <SSLInfo>
            <Enabled>true</Enabled>
            <ClientAuthEnabled>true</ClientAuthEnabled>
            <KeyStore>my-store</KeyStore>
            <KeyAlias>my-store-alias</KeyAlias>
            <TrustStore>my-store</TrustStore>
        </SSLInfo>

I am unable to deploy this with error "Target default has invalid keyalias reference my-store-alias."
1 2 1,606
2 REPLIES 2

Dear @rajeev@apigee.com,

  1. The KeyAlias used in the SSLInfo section should be the name of the alias that you used while creating the Keystore.
  2. However, you seem to be using the alias "my-store-alias" that was specified while creating the truststore. This could be the reason why you are seeing the error.
  3. I am not sure if you are allowed to use the same name for KeyStore and Truststore. It is always better to use to different names for Keystore and Truststore to avoid confusion.

Please refer to this link for more information how to create Keystore and Truststore.

Thanks,

Amar

Not applicable

The main question you have to ask is this. Is the cert self signed?

If the answer is yes then you have to create a Keystore and upload the jar.

If all you have is the .p12 file, then you have to generate the .cert and the .key files which you can using the following steps

Exporting cert: -

openssl pkcs12 -in mycertfilename.p12 -nokeys -out cert.pem

Exporting Key:

openssl rsa -in key.pem -out server.key

Now follow the steps laid out in the documentation - http://docs.apigee.com/api-services/content/keystores-and-truststores#createakeystore.