Replacing or renewing a certificate is similar to importing
it for the first time, but you also replace the old certificate with
the new one.
Before you begin
You have received the signed certificate from the certificate
authority. You have determined whether the certificate is signed by
a root CA or an intermediate CA. If the certificate was signed by
an intermediate CA, then you have imported into the keystore all intermediate
CA certificates. Now you are ready to import the signed certificate
itself into the keystore.
About this task
WebSphere® Application
Server can receive only those certificates that are generated by a WebSphere Application Server
certificate request. It cannot receive certificates that are created
with certificate requests from other keystore tools, such as iKeyman
and keyTool. The keystore must contain the certificate request that
was created and sent to the CA. This means that you cannot import
a certificate to the keystore if the keystore does not contain the
original certificate request.Make sure the certificate file you
have received does not contain any text lines before the "
-----BEGIN CERTIFICATE-----"
line. These lines can cause
the certificate import process to fail, and therefore you must delete
these lines if they are present in the certificate file.
Procedure
- Log in to the Integrated Solutions Console.
- Click .
- In the Additional Properties section,
click Personal certificates.
- Click Receive a certificate from a certificate
authority.
- Type the full path and name of the certificate file.
For example on windows: c:\mycertificate.cer
- Do not change the default data type on the list (Base64-encoded
ASCII Data).
- Click Apply and Save.
- From the Integrated Solutions Console, click .
- Select the keystore that contains the new and old certificates.
- Select the old certificate and click Replace.
- Verify that the old certificate is listed in the Old
certificate field.
- Select the new certificate from the "Replace with" list.
- Click OK and Save.
- Restart the Sametime® Gateway
Server.
For a stand-alone server: the single Java™ process.
For a cluster
configuration: restart the DMGR, STGW servers, XMPP proxies, SIP Proxies.
You
do not need to restart the node agents.