
Instructions for replacing SSL certificates:

For WAS:

1. Take backups from the respective locations below.

i. Run backupConfig on the Deployment Manager. Ex: /www/WebSphere7/AppServer/profiles/Dmgr/bin

ii. Run backupConfig on the Appserver nodes. Ex: /www/WebSphere7/AppServer/profiles/Appsrvr/bin

iii. Back up key.p12 and trust.p12 on the Dmgr profile. Ex: /www/WebSphere7/AppServer/profiles/Dmgr/etc

iv. Back up key.p12 and trust.p12 in the etc directory of each node's profile_root. Ex:
/www/WebSphere7/AppServer/profiles/Appsrv/etc

2. Replace the Deployment Manager certificate.

i. In the Administrative Console, go to Security > SSL certificate and key management > Key stores and
certificates > CellDefaultKeyStore > Personal certificates > Create a self-signed certificate

ii. Enter the required attributes.

Alias :

Common name :

Bit size :

Validity period :

Organization :

iii. Return to Security > SSL certificate and key management > Key stores and certificates >
CellDefaultKeyStore > Personal certificates

iv. Select the old certificate and click Replace.

v. Then replace the old one with the new one.

vi. Select the old certificate and click Delete.

4. Add the Deployment Manager signer certificate to the CellDefaultTrustStore.

i. Go to SSL certificate and key management > Key stores and certificates.

ii. Select CellDefaultKeyStore and CellDefaultTrustStore and click Exchange signers.

iii. Select the certificate in CellDefaultKeyStore personal certificates created in the previous step and click
Add.

5. Replace the certificate on the nodes.

This step will need to be done for each node in the cell.

i. Go to Security > SSL certificate and key management > Manage endpoint security configurations.

ii. Under Inbound, click the link for the node, node_name (NodeDefaultSSLSettings,null).

iv. Click Create a self-signed certificate.


v. Enter the required attributes.

Alias :

Common name :

Validity period :

Bit size :

Organization :

vi. Return to Security > SSL certificate and key management > Manage endpoint security configurations,
click node_name (NodeDefaultSSLSettings,null), click Manage certificates.

vii. Select the old certificate and click Replace.

viii. Then replace the old one with the new one.

ix. Select the old certificate and click Delete.

6. Add the Node signer certificate to the CellDefaultTrustStore.

This step will need to be done for each node in the cell.

i. Go to Security > SSL certificate and key management > Manage endpoint security configurations.

ii. Under Inbound, click the link for the node, node_name (NodeDefaultSSLSettings,null) and select Key
stores and certificates.

iii. Select NodeDefaultKeyStore and CellDefaultTrustStore and then click Exchange signers.

iv. Select the certificate in NodeDefaultKeyStore personal certificates created in the previous step and
click Add.

7. Repeat steps 5 and 6 for each node in the cell.

8. Restart the Deployment Manager.

9. Run a command line syncNode from each of the nodes.

10. Start the nodeagents and application servers. They should now be fully synchronized with the new
certificates in place.

For IHS:

===================================================================

1) Take backup of httpd.conf file and key.kdb file from respective locations.

2) Start the iKeyman GUI using the gsk7ikm command.

3) Choose Open from the Key Database File menu. Click Key database type, and select CMS.

4) Click Browse to navigate to the directory containing the key database files.

5) Select the key database file to which you want to add the certificate.

6) Click Open.

7) In the Password Prompt window, type the password you set when you created the key database and
then click OK.

8) Select the Personal Certificates view.

9) Create a new self-signed certificate, specifying a key size of 2048.

10) Update the path of kdb file in httpd.conf file

11) Recycle IHS
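
The keystore backups in WAS step 1 (iii, iv) and IHS step 1, as a shell helper. This is an added example, not part of the original instructions; the function names, the timestamped directory layout and the SHA256SUMS manifest are assumptions of the example. It copies key.p12 and trust.p12 by default and accepts other file names (for example key.kdb and httpd.conf).

```sh
#!/bin/sh
# Added example: back up keystore files before replacing certificates.
# Keystores hold private keys, so copies are owner-only and checksum-verified.

# sha256_of FILE -> prints the hex SHA-256 digest of FILE
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# backup_keystores SRC_DIR DEST_ROOT [FILE...]
# Copies FILEs (default: key.p12 trust.p12) into DEST_ROOT/<timestamp>/,
# sets mode 600, verifies each copy, writes SHA256SUMS, prints the new directory.
backup_keystores() {
    src=$1; dest_root=$2; shift 2
    [ $# -gt 0 ] || set -- key.p12 trust.p12
    # Fail before copying anything if a requested file is missing.
    for f in "$@"; do
        [ -f "$src/$f" ] || { echo "missing: $src/$f" >&2; return 1; }
    done
    old_umask=$(umask); umask 077          # backup directory becomes mode 700
    dir="$dest_root/$(date +%Y%m%d-%H%M%S)"
    # Plain mkdir for the final directory: refuse to reuse an existing backup.
    mkdir -p "$dest_root" && mkdir "$dir" || { umask "$old_umask"; return 1; }
    rc=0
    for f in "$@"; do
        cp -p "$src/$f" "$dir/$f" && chmod 600 "$dir/$f" || { rc=1; break; }
        want=$(sha256_of "$src/$f"); got=$(sha256_of "$dir/$f")
        [ "$want" = "$got" ] || { echo "checksum mismatch: $f" >&2; rc=1; break; }
        printf '%s  %s\n' "$got" "$f" >> "$dir/SHA256SUMS"
    done
    umask "$old_umask"
    [ "$rc" -eq 0 ] && echo "$dir"
    return "$rc"
}

# Usage with the page's example path (destination directory is hypothetical):
#   backup_keystores /www/WebSphere7/AppServer/profiles/Dmgr/etc /var/backups/was-certs
```

Before restoring, check the copies against the manifest by comparing each file's sha256_of output with its line in SHA256SUMS.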
