Start a conversation

How to copy server certificates between SOAPam Server instances

Certificate Signing Requests (CSR) created from the SOAPam Server Control Panel are signed with a unique private key stored in the SOAPam Virtual File System (VFS). When a CSR is generated in one SOAPam Server instance, the signed certificate received from the Certificate Authority cannot be imported into another SOAPam Server instance. Even if all of the information in the CSR is identical, the private key used to sign the CSR is different, so the signed certificate will not match a CSR generated in any other instance. Attempting to import the certificate will result in an error that indicates that the certificate does not match the pending CSR.

One exception to this rule, is if two or more instances use a VFS that originated from a single copy. In this case, all virtual filesystems will contain the same private key.

When multiple SOAPam Server instances should use the same certificate, you can create the CSR and install the signed certificate in one instance, and use the VFSMGR utility to export the certificate store from that instance and import it into the others. Note that when using this procedure, all information in the CSR must match. Use the following procedure to export the certificate from the source instance, and import it into the others.

To Export the Certificate Store from the Source Instance

Use the VFSMGR -certexport option. This option exports the certificate store from the source VFS and writes it to <filename>. If the file already exists, specify the '!' option to  indicate that the file should be overwritten. The -vfs option must also be supplied when using this option. The exported certificate store will contain the server certificate, any intermediate certificates, and any pending CSRs.

tacl> run vfsmgr -vfs <source> -certexport <filename> [!]
NuWave Technologies SOAPam VFSMGR Utility 3.1.6
Copyright (c) 2019 NuWave Technologies, Inc. All rights reserved.

Opened VFS \node.$vol.source.
Opened export file \node.$vol.subvol.filename.
Exporting ..........
Certificate store export successfully completed.


To Import the Certificate Store into the Target Instance

Use the VFSMGR -certimport option. This option imports the certificate store from the source <filename> and writes it to the target VFS. The -vfs option must also be supplied when using this option.

Warning: This procedure makes irreversible changes to the VFS. Backing up the VFS prior to this procedure is strongly advised.

tacl> run vfsmgr -vfs <target> -certimport <file-name> 
NuWave Technologies SOAPam VFSMGR Utility 3.1.6
Copyright (c) 2019 NuWave Technologies, Inc. All rights reserved.

Opened VFS \node.$vol.target.
Opened import file \node.$vol.subvol.filename.

WARNING: This process will replace the certificate store contained
in the target VFS with the certificate store contained in the source
import file. As a result any existing keys, certificates,
certificate chains, and certificate signing requests in the target
VFS will be destroyed. This process is not reversible. Are you sure
that this is what you want to do?

Enter 'YES' to continue or any other key to exit: YES

Purging the existing certificate store ...
Importing ...........
Certificate store import successfully completed.


Choose files or drag and drop files
Was this article helpful?
Yes
No