Occasionally, you need to replace an existing or expired self-signed
certificate with a new certificate. Certificates are referenced in the runtime
configuration by the Secure Sockets Layer (SSL) Configuration object and the
Dynamic SSL Configuration Selection object. You can replace a certificate
with a new certificate alias reference or with a new signer certificate.
Before you begin
The current certificate and the certificate replacement must exist
in the same keystore before you can replace a certificate.
About this task
Complete the following steps in the administrative console:
Procedure
- Click Security > SSL certificate and key management > Manage
endpoint security configurations > {Inbound | Outbound} > ssl_configuration >
Key stores and certificates > [keystore].
- Under Additional Properties, click Personal certificates.
- Select the certificate to be replaced. The alias list
must include the certificate to be replaced and the certificate to replace
it with.
- Click Replace.
- Select a replacement certificate alias from the list.
- You can delete one of the following types of certificates:
  - Select Delete old certificate to delete the existing or expired
  certificate.
  - Select Delete old signers to delete the existing signer certificates.
- Click Apply.
Results
Your results depend on what you selected:
- If you selected Delete old certificate, the new certificate alias
replaces all of the references to the certificate alias in the configuration.
- If you selected Delete old signers, the new signer certificate
replaces all of the occurrences of the old signer certificates.
- If the new certificate alias replaces the existing alias, the WebSphere
Application Server runtime checks to make sure that:
  - All of the SSL Configuration objects reference the certificate.
  - The Dynamic SSL Configuration Selection objects and the SSL Configuration
  group objects reference the certificate.
- If you selected Delete old signers, the existing signer certificates
are replaced.
- If you selected Delete old certificate, the existing certificate
is deleted.
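
The console procedure above can also be scripted through wsadmin (Jython). The following is an added example, not part of the original page or IBM's own script: it checks that both aliases are in the same keystore, as required under "Before you begin", and then calls the `replaceCertificate` task. The keystore name and aliases are placeholders, the helper function names are hypothetical, and the behaviour of `getCertificate` on a missing alias is an assumption noted in the code.

```python
# Added example for wsadmin -lang jython; not IBM's own script.
# AdminTask and AdminConfig are wsadmin's scripting objects. They are passed in
# as arguments so the logic can also be exercised with stand-ins outside wsadmin.

def _flag(value):
    return value and "true" or "false"


def _keystore_args(keystore, scope):
    args = "-keyStoreName %s" % keystore
    if scope:  # management scope string, needed when keystore names repeat
        args += " -keyStoreScope %s" % scope
    return args


def preflight(admin_task, keystore, old_alias, new_alias, scope=None):
    """Confirm both aliases are in the same keystore before replacing."""
    if old_alias == new_alias:
        raise ValueError("replacement alias must differ from the old alias")
    for alias in (old_alias, new_alias):
        # Assumption: getCertificate raises if the alias is not in the keystore.
        admin_task.getCertificate(
            "[%s -certificateAlias %s]" % (_keystore_args(keystore, scope), alias))


def replace_certificate(admin_task, admin_config, keystore, old_alias, new_alias,
                        delete_old_cert=False, delete_old_signers=False, scope=None):
    """Replace old_alias with new_alias everywhere it is referenced, then save."""
    preflight(admin_task, keystore, old_alias, new_alias, scope)
    cmd = ("[%s -certificateAlias %s -replacementCertificateAlias %s "
           "-deleteOldCert %s -deleteOldSigners %s]") % (
        _keystore_args(keystore, scope), old_alias, new_alias,
        _flag(delete_old_cert), _flag(delete_old_signers))
    admin_task.replaceCertificate(cmd)
    admin_config.save()  # persist the change to the master configuration
    return cmd

# Inside wsadmin (keystore and alias names below are placeholders):
# replace_certificate(AdminTask, AdminConfig, "NodeDefaultKeyStore",
#                     "default", "default_new", delete_old_cert=True)
```

Leaving `delete_old_cert` at its default keeps the old certificate in the keystore, so the previous alias remains available while the new certificate is validated.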