Replacing an existing personal certificate
Occasionally, you need to replace an existing personal certificate with a new certificate. This task discusses how to replace the existing personal certificate in the keystore. It searches all keystores for a signer certificate extracted from the original personal certificate, and places the signer of the new personal certificate in it's place. It also updates all of the certificate alias references in the security configuration with the new one.
Before you begin
Alternative Method: To replace a self-signed
certificate by using the wsadmin tool, use the replaceCertificate command
of the AdminTask object. For more information, see the PersonalCertificateCommands
command group for the AdminTask object article
About this task
Procedure
Results
- If you selected Delete old certificate, the new certificate alias replaces all of the references to the certificate alias in the configuration.
- If you selected Delete old signers, the new signer certificate replaces all of the occurrences of the old signer certificates.
- If
the new certificate alias replaces the existing alias, the WebSphere® Application Server runtime checks
to make sure that:
- All of the SSL Configurations objects reference the certificate
- The Dynamic SSL Configuration Selections objects and the SSL Configuration group objects reference the certificate.
- If you selected Delete old signers, the existing signer certificates are replaced.
- If you selected Delete old certificate, the existing certificate is deleted.