How to Install DigiCert Root G4 Certificate in Kubernetes Environment

As per CAD-A612, if you received a DL after May 25th, 2023, you may be unable to install it using Hotfix Manager due to the following error:

Signature verification failed for DL-24416_INC-269366.zip: Failed to verify signatures: Could not find the root CA for the certificate chain. Expected to find this root certificate: ‘CN=DigiCert Trusted Root G4, OU=www.digicert.com, O=DigiCert Inc, C=US’.

In this scenario, the Pega JVM is likely using a custom Truststore which must be updated with ‘digicert trusted root g4’ as explained in the original CAD.

Please share with me references for installing the DigiCert Root G4 certificate in a Pega Kubernetes environment.

@KishoreSanagapalli

Pega Article to Fix the Issue: Verifying hotfix authenticity by using a Pega Keystore

Keytool Commands to generate the Keystore and Trust store .jks files.

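keytool -genkey -alias <alias> -keyalg RSA -keysize 2048 -keypass <key_password> -keystore <keystore_name>.jks -storepass <store_password>

keytool -export -alias <alias> -file <certificate_file> -keystore <keystore_name>.jks -storepass <store_password>

keytool -import -alias <alias> -file DigiCertTrustedRootG4.cer -keystore <truststore_name>.jks -storepass <store_password>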

Conversion of Certificate file from one format to another:

Need to convert .cer file to .crt

openssl x509 -outform der -in DigiCertTrustedRootG4.crt.pem -out DigiCertTrustedRootG4.crt

If OpenSSL is not available on your machine,

open Windows PowerShell in admin mode and run the command: choco install openssl

Additional Pega References:

URLs for generating the .jks files

  1. https://docs.pega.com/security/86/creating-keystorejks-and-truststorejks-files

Adding the .jks files to Pega Platform

  1. https://docs.pega.com/security/86/uploading-keystore-and-truststore-files

Creating Key Store Files

  1. https://community.pega.com/sites/default/files/help_v83/procomhelpmain.htm#data-/data-admin-/data-admin-security-/data-admin-security-keystore/main.htm#_____________Keystores
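
An added example, not part of the original posts or of Pega's documentation: after the import, one way to confirm that the truststore really holds the root named in the Hotfix Manager error is to scan `keytool -list -v` output for a trusted entry whose Owner and Issuer both equal that DN. The function names, aliases and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added example. Root DN copied from the Hotfix Manager error on this page.
EXPECTED_DN='CN=DigiCert Trusted Root G4, OU=www.digicert.com, O=DigiCert Inc, C=US'

# Normalize a DN: lower-case it and drop spaces around ',' and '='.
normalize_dn() {
    printf '%s\n' "$1" | tr '[:upper:]' '[:lower:]' |
        sed 's/[[:space:]]*\([,=]\)[[:space:]]*/\1/g; s/^[[:space:]]*//; s/[[:space:]]*$//'
}

# Reads `keytool -list -v` output on stdin and prints the alias of every
# trustedCertEntry that is the self-signed root (Owner == Issuer == $1).
find_root_alias() {
    want=$(normalize_dn "$1"); entry_alias=''; etype=''; owner=''
    while IFS= read -r line; do
        case $line in
            'Alias name: '*) entry_alias=${line#Alias name: }; etype=''; owner='' ;;
            'Entry type: '*) etype=${line#Entry type: } ;;
            'Owner: '*)      owner=$(normalize_dn "${line#Owner: }") ;;
            'Issuer: '*)
                issuer=$(normalize_dn "${line#Issuer: }")
                if [ "$etype" = trustedCertEntry ] && [ "$owner" = "$want" ] &&
                   [ "$issuer" = "$want" ]; then
                    printf '%s\n' "$entry_alias"
                fi ;;
        esac
    done
}

# Constructed sample listing (not real keytool output; aliases are made up).
sample_listing() {
    cat <<'EOF'
Alias name: constructed-intermediate
Creation date: Jun 1, 2023
Entry type: trustedCertEntry

Owner: CN=Constructed Intermediate CA, O=Example Corp, C=US
Issuer: CN=DigiCert Trusted Root G4, OU=www.digicert.com, O=DigiCert Inc, C=US

Alias name: digicert-g4
Creation date: Jun 1, 2023
Entry type: trustedCertEntry

Owner: CN=DigiCert Trusted Root G4, OU=www.digicert.com, O=DigiCert Inc, C=US
Issuer: CN=DigiCert Trusted Root G4, OU=www.digicert.com, O=DigiCert Inc, C=US
EOF
}

# Real store: keytool -list -v -keystore <truststore_name>.jks -storepass <store_password>
sample_listing | find_root_alias "$EXPECTED_DN"
```

An entry that was merely issued by the root (the first sample entry) is not reported, because the error asks for the root certificate itself.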