Recovering deleted certificates in SSL

The SSL configuration contains a keystore created to hold personal certificates that were deleted from other keystores in the configuration. Perform this task to recover deleted certificates.

Before you begin

The SSL configuration contains a keystore created to hold personal certificates that were deleted from other keystores in the configuration. On a stand alone application server the keystore is called NodeDefaultDeletedStore and on a deployment manager the keystore is called DmgrDefaultDeletedStore.

When a personal certificate is deleted from a keystore using the administrative console or in a script using the deleteCertificate AdminTask, a copy of the certificate is stored in the DmgrDeletedKeyStore or NodeDeletedKeyStore. The personal certificate takes the alias of <keystore>_<alias> > in the deleted keystore. If the alias name is already used in that deleted keystore a <unique number> is appended to the alias.

A personal certificate can be recovered from the deleted keystore by importing or exporting the personal certificate to a keystore in the configuration. To recover a personal certificate using the administrative console perform the following steps:

Procedure

  1. Click Security > SSL certificate and key management.
  2. Under Related Items, click Key stores and certificates.
  3. From the Keystore usages drop-down list, select "Deleted certificates keystore".
  4. Click DmgrDefaultDeletedStore or NodeDefaultDeletedStore.
  5. Under Additional Properties, click Personal certificates.
  6. Select a certificate.
  7. Select Export
  8. Click OK.
  9. Perform the following:
    • • Enter the keystore password of the deleted keystore.
    • • Enter The alias to be assigned to the certificate (in the key store that will receive the certificate).
    • • Select the ‘Managed key store’ radio button.
    • • Select the key store from the drop down list that will receive the certificate.
    • Click Apply then OK.

Results

Note: To recover a personal certificate you can also use the exportCertToManagedKS AdminTask command.



In this information ...


IBM Redbooks, demos, education, and more

(Index)

Use IBM Suggests to retrieve related content from ibm.com and beyond, identified for your convenience.

This feature requires Internet access.

Task topic    

Terms of Use | Feedback

Last updated: Oct 20, 2010 11:50:58 PM CDT
http://www14.software.ibm.com/webapp/wsbroker/redirect?version=compass&product=was-base-iseries&topic=tsec_7recoverdelcert
File name: tsec_7recoverdelcert.html