19 Multiple HTTPS/SSL Certificate Support

VNFM handles multiple SSL certificates automatically. During the SSL handshake with a cloud, the certificate is automatically added to the keystore, which is then used for subsequent OpenStack calls.

To check whether the certificate has been added to the keystore successfully, perform the following steps.
  1. To list the contents of the keystore file, execute:
    keytool -v -list -keystore <NAME OF THE KEYSTORE FILE> -storepass <PASSWORD OF THE KEYSTORE>
    For example: keytool -v -list -keystore vnfm_default.jks -storepass password

    This command returns all the certificates present in the keystore, together with information for each one such as the alias, date of expiry, and public keys.

  2. To delete certificates manually from the keystore, execute:
    keytool -delete -keystore <NAME OF THE KEYSTORE FILE> -storepass <PASSWORD OF THE KEYSTORE> -alias <keyAlias>

Note:

  • The keystore saves certificates and keys in its own format, so only keytool should be used to remove certificates. Manual deletion within the file can lead to keystore corruption. To remove all the certificates from the keystore, remove each of them with the above command. Simply truncating the data may disrupt the format of the encrypted data and can therefore corrupt the keystore.
  • If the following message is displayed in Swagger after a certificate is imported into vnfm_default.jks, follow the procedure Reboot Tomcat:
    "Reason: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target"
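
Because certificates are added to the keystore automatically during the handshake, it is worth reviewing what the listing in step 1 actually contains. The script below is an added example, not part of VNFM: it condenses `keytool -v -list` output to one line per certificate and prints the entries whose SHA-256 fingerprint is missing from a list the operator obtained out of band. The function names, the fingerprint file and the sample output are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not VNFM code. Function names and sample data are constructed.
# Reads `keytool -v -list` text on stdin; prints one line per certificate:
#   alias|owner|valid until|SHA-256 fingerprint
summarize_keystore() {
  awk '
    /^Alias name: /   { alias = substr($0, 13); owner = ""; notafter = "" }
    /^Owner: /        { owner = substr($0, 8) }
    /^Valid from: /   { i = index($0, " until: ")
                        if (i) notafter = substr($0, i + 8) }
    /^[ \t]*SHA256: / { fp = $0; sub(/^[ \t]*SHA256: /, "", fp)
                        print alias "|" owner "|" notafter "|" fp }
  '
}

# $1: file of expected SHA-256 fingerprints, one per line (assumed to be
# obtained out of band). Prints the summary lines whose fingerprint is absent.
unexpected_entries() {
  summarize_keystore | awk -F'|' -v list="$1" '
    BEGIN { while ((getline line < list) > 0) ok[toupper(line)] = 1 }
    !(toupper($NF) in ok)
  '
}

# Constructed sample in the layout keytool prints; all values are made up.
sample_keytool_output() {
  cat <<'EOF'
Your keystore contains 2 entries

Alias name: cloud-a
Owner: CN=keystone.cloud-a.example
Valid from: Fri Jan 05 10:00:00 UTC 2024 until: Sun Jan 04 10:00:00 UTC 2026
Certificate fingerprints:
     SHA1: 11:22:33
     SHA256: AA:AA:AA:01

Alias name: cloud-b
Owner: CN=keystone.cloud-b.example
Valid from: Sat Mar 02 09:30:00 UTC 2024 until: Mon Mar 02 09:30:00 UTC 2026
Certificate fingerprints:
     SHA256: BB:BB:BB:02
EOF
}

if [ "$#" -eq 3 ]; then   # keystore file, keystore password, fingerprint file
  keytool -v -list -keystore "$1" -storepass "$2" | unexpected_entries "$3"
else
  sample_keytool_output | summarize_keystore
fi
```

Any alias the script reports can be checked against the cloud's real certificate and, if it does not belong, removed with the `keytool -delete` command from step 2.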