Issue with importing keystore into Salesforce

When attempting to import a certificate from a Java keystore (JKS) into Salesforce using “Security | Certificate and Key Management” under Setup the following error is encountered:

Data Not Available
The data you were trying to access could not be found. It may be due to another user deleting the data or a system error. If you know the data is not deleted but cannot access it, please look at our support page.

Resolving the issue is easy once you know how:

  1. Go To Setup | Identity Provider
  2. Press “Enable Identity Provider” button (Enabling this option will not affect any existing functionality in the Org. The full Identity Provider setup would need several other steps as well so enabling simply under — Setup | Identity Provider– will not make any difference so it can be enabled safely.)
  3. Once Identity Provider is enabled in the Org, it will create a self-signed certificate in your Org under — Setup | Certificate and Key Management
  4. Try to import the certificate from your JKS through “Import from keystore” option and it should be successful.
  5. (This is optional step) You may disable the Identity Provider again and then delete the automatically created Self-Signed certificate (via step 3) under ‘Certificate and Key Management’. This will turn your Org setup to its original state.

 

Flip Chrome flag to easily inspect TLS certificates (from Chrome 60)

As a developer – or a security conscious user – you may want to inspect TLS certificates from time to time. However inspecting them in Chrome is hard as access to the certificate hierarchy dialog has been tucked away in the Developer Tools. Happily Chrome 60 has added a flag to add an easy to reach option back to the TLS dropdown in Chrome.

Please note that manually editing Chrome browser flags may mess up your browser – don’t say I didn’t warn you…

In the below video I show you how…

Trusting certificates in WebSphere Application Server

If you make SSL connections from a WebSphere Application Server based application the server (or rather the cell) needs to trust the certificate of the server you are connecting to. This is very easy to do in WAS and is easily done using the Integrated Solutions Console (ISC). The way to establish the trust is as follows:

  1. Log into the WebSphere Application Server Integrated Solutions Console (ISC)
  2. From the lefthand navigator select Security/SSL certificate and key management
  3. In the list of related items on the right click “Key stores and certificates”
  4. Click “CellDefaultTrustStore”
  5. In the list of “Additional properties” on the right click “Signer certificates”
  6. Click “Retrieve from port”
  7. Fill out the form with the hostname of the server and the SSL port (usually 443) of the you want WAS to trust. Also supply an alias to know the trust by in the list of trusted certificates.
  8. Click the “Retrieve signer information” button to validate the input and retrieve and trust the certificate
  9. Click OK and then save the changes to the master configuration.