web stats
How do we edit keystore.jks without Mirth Connect Administrator? - Mirth Community

Go Back   Mirth Community > Mirth Connect > Support

Reply
 
Thread Tools Display Modes
  #1  
Old 06-26-2015, 10:01 AM
clinjohn clinjohn is offline
OBX.2 Kenobi
 
Join Date: Apr 2015
Posts: 95
clinjohn is on a distinguished road
Question How do we edit keystore.jks without Mirth Connect Administrator?

Our security team recently added an internal self-signed certificate to our development SQL-Server, which is the DBMS our dev Mirth Connect uses. After they did this, SQL-Server was rebooted and immediately our Mirth Connect service stopped running because it could no longer connect to its database. The Mirth Connect log shows an error that verifies that certificate credentials are the issue.

The security folks think they can fix this if they can add the new cert info to a keystore.jks file that will get used for the connection. This precipitated a couple of questions:

1) We can't edit appdata/keystore.jks thru Mirth Connect Administrator since we can't boot Mirth Connect. Our security admins tried to edit Mirth's keystore.jks thru a tool of their own but were not able to do so because they didn't know Mirth's password to the keystore file. Is this publicly known and published somewhere? (We do not have a support agreement, so we have no one at Mirth Corp to ask for the password.)

2) If the password isn't available, does Mirth Connect require that the keystore.jks in the appdata folder be used, or can it be configured to use a Windows level keystore.jks? If yes, how can this be configured without access to Mirth Connect Administrator?
Reply With Quote
  #2  
Old 06-26-2015, 10:10 AM
narupley's Avatar
narupley narupley is online now
Mirth Employee
 
Join Date: Oct 2010
Posts: 7,097
narupley is on a distinguished road
Default

The store and key passwords to the keystore are located in mirth.properties. And yes, in that properties file you can point to whatever JKS file you wish.

If you want the public/private keypair in that keystore to be used by default for mutual auth on outgoing connections by the JVM, you can edit the vmoptions file to set the default keystore and storepass.
__________________
Step 1: JAVA CACHE...DID YOU CLEAR ...wait, ding dong the witch is dead?

Nicholas Rupley
Work: 949-237-6069
Always include what Mirth Connect version you're working with. Also include (if applicable) the code you're using and full stacktraces for errors (use CODE tags). Posting your entire channel is helpful as well; make sure to scrub any PHI/passwords first.


- How do I foo?
- You just bar.
Reply With Quote
  #3  
Old 06-26-2015, 10:31 AM
clinjohn clinjohn is offline
OBX.2 Kenobi
 
Join Date: Apr 2015
Posts: 95
clinjohn is on a distinguished road
Default

Thanks, that was a quick reply!

As it happens, I discovered the keystore section in mirth.properties just before I read your response, but I'm glad you confirmed what I found.
Reply With Quote
Reply

Tags
certificates, keystore, sql server

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT -8. The time now is 06:07 PM.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2019, vBulletin Solutions, Inc.
Mirth Corporation