If your existing middleware agent Secure Sockets Layer
(SSL) certificates expire, manually replace the certificates from
within the administrative console.
Before you begin
You must be able to access the deployment manager for each
cell with which you want to communicate.
About this task
Renew expired SSL certificates so the middleware agent
can continue to securely communicate with the deployment manager and
nodes.
Procedure
- Run the backupConfig command on the
deployment manager.
- Stop the middleware agent.
- In the administrative console, click . Select the specific middleware agent, and select Stop
agent from the Select operational action menu.
Click Run.
- From the command line, run the stopAgent.sh|.bat command
from the agent_install_root/bin directory.
- Create a new middleware agent certificate.
- Click .
- Click Create a self-signed certificate.
- Enter the following attributes for the new certificate,
and click OK:
- Alias: node_name_default
- Common name: host_name
- Validity of period: number_of_days
- Organization: company_name
Click Save to save your changes.
- Replace the existing certificate with the new certificate.
- Click . Select
the existing certificate, and click Replace.
- Select and accept the new certificate.
Note: Do not select Delete old certificate
after replacement or Delete old signers.
- Select the existing certificate, and click . Click Save to save your changes.
- Add the signer certificate for the node to the CellDefaultTrustStore
key store.
- Click . Select Key stores and certificates.
- Select NodeDefaultKeyStore and CellDefaultTrustStore,
and click Exchange signers.
- Select the certificate you created in step 3, and click Add. Click OK, and click Save to
save your changes.
- Delete the existing certificates, and extract the new certificates.
- Click .
- Select the existing certificates, and click Delete.
Tip: To verify which certificates to delete, compare
the fingerprint or expiration dates with the personal certificate
in the key stores.
- Stop the deployment manager.
- In the administrative console, click .
- From the command line, run the stopManager.sh|.bat command
from the profile_root/bin directory
of the deployment manager profile.
- Copy the trust.p12 and key.p12 files
from the deployment manager node to the middleware agent node. The trust.p12 and key.p12 files
are in the profile_root/dmgr/config/cells/cell_name/nodes/middleware_agent_node directory.
- From the install_root/config/cells/cell_name/nodes/node_name directory
on the middleware agent node, save the trust.p12 and key.p12 files
to a backup directory. Copy the trust.p12 and key.p12 files
that you copied in step 8 to the directory.
- Start the deployment manager. Run the startManager.sh|.bat command.
- Start the middleware agent.
- In the administrative console, click . Select the specific middleware agent, and select Start
agent from the Select operational action menu.
Click Run.
- From the command line, run the startAgent.sh|.bat command
from the agent_install_root/bin directory.