Support - PeopleSoft - Adding a new Certificate to the Keystore

PeopleSoft comes with a number of SSL Certificates to trust various sites (mostly Verisign).  If you prefer to NOT update the keystore with the DigiCert, you can use our url which uses the standard Verisign cert and the below steps are not required.


To access the servers require the DigiCert.  This is NOT a standard step.

Download the Certificates.

  1. Navigate to the URL using Internet Explorer. (For example, or
  2. Select the security button to the right of the link – you will see the digital certificate information. Then click on the view certificates link.
  3. From the certificate window, select the Certification Path tab.
  4. Select the root certificate and select View Certificate.
  5. Select the details tab and select Copy to File.
  6. You will view the initial export to file screen. Select Next >.
  7. Choose a file type of Base-64 encoded X.509 and select Next >.
  8. Enter a file name and select Next >.
  9. Select the Finish button to complete the process.
  10. Repeat this process for the second level certificate.

Load certificates into the Gateway Keystore

  1. Navigate to your PeopleSoft keystore directory on your webserver and execute the command: pskeymanager.cmd –list
  2. You will be asked for the keystore password ( default is password.)
  3. Once you have entered your password, the default certificates will be displayed. If you have not loaded your own certificates there will be 15 default entries.
  4. We now need load the new certificates. You will need to load the *.cer files into the keystore. Move these two files onto the web server in an accessible directory.
  5. Now run the pskeymanager process and import a certificate.
  6. You will be asked for the password.
  7. You are then asked for an alias. Please enter the alias as the file name for each of the certificates. Use the name of the Certificate. 
  8. Now enter the file name of the .cer file. 
  9. Finally, you are asked to trust this certificate. Please type ‘yes’ here and hit return. You will receive a final message indicating that the certificate was added to the keystore.
  10. You may confirm that this certificate is displayed by using the command ‘pskeymanager –list’ – you should now have one more certificate in your keystore.
  11. Please add the second level certificate in the same manner. Once complete, you may execute ‘pskeymanager -list’ and you will see the second cert loaded.
  12. Please restart your web server and then retest connectivity. You should now be able to successfully connect using the new Certificates.

Feedback and Knowledge Base