PS.
This link was really helpful: Replacing existing WebSphere Application Server SSL certificates
- You need:
  - server certificate + intermediate certificate + root certificate + private key in a PFX file
  - to convert certificate files from Windows CR+LF to Linux LF, do this:
    - copy the files in Windows CR+LF format to the Linux server
    - run this command for each file:
      sed 's/\r$//' input.txt > output.txt
  - intermediate certificate in a Base64 Encoded PEM file. New line format should be Linux (LF).
  - root certificate in a Base64 Encoded PEM file. New line format should be Linux (LF).
- copy these 3 files to a temporary directory on the TIP server. For example:
  /tmp/ssl/serverssl.pfx
  /tmp/ssl/GeoTrust_Root.pem
  /tmp/ssl/RapidSSL_Interm.pem
- Open and log in to Tivoli Integrated Portal. Usually the URL is https://<server_name>:16311/ibm/console/logon.jsp
- In the left menu open Settings -> WebSphere Administrative Console and click Launch WebSphere Administrative Console
- In the left menu open Security -> SSL certificate and key management. In the Related Items list, click Key stores and certificates.
- Click NodeDefaultKeyStore. In the Additional Properties list, click Personal certificates and click Import...
- Select Key store file. Enter full path to PFX file. For example: /tmp/ssl/serverssl.pfx. Enter password for PFX file and click Get Key File Aliases.
- Select the certificate alias to import and assign a new alias name to the imported certificate (for example: rapidssl_2014-2016).
- Click OK.
- Click Save to save the changes to the WebSphere Application Server master configuration.
- Click SSL certificate and key management -> Key stores and certificates -> NodeDefaultKeyStore -> Personal certificates.
- Select the certificate with alias default and delete it.
- Click Save to save the changes to the WebSphere Application Server master configuration.
- Click SSL certificate and key management -> Key stores and certificates -> NodeDefaultTrustStore -> Signer certificates.
- Click Add.
- Specify the alias name for the new root CA signer certificate (for example: GeoTrust_Root), the certificate file name (for example: /tmp/ssl/GeoTrust_Root.pem), certificate data type (for example: Base64-encoded ASCII data), and click OK.
- Click Save to save the changes to the WebSphere Application Server master configuration.
- Repeat steps 13 to 15 to import all associated intermediary signer certificates (for example: to import the RapidSSL intermediate SSL certificate).
- Click SSL certificate and key management -> Key stores and certificates -> NodeDefaultTrustStore -> Personal certificates.
- Click Import... (if you do not have any SSL certificate in Personal certificates) or select the check box associated with the old SSL certificate and click Replace...
  In our example we will import a new SSL certificate, so click Import...
- Select Key store file. Enter full path to PFX file. For example: /tmp/ssl/serverssl.pfx. Enter password for PFX file and click Get Key File Aliases.
- Select the certificate alias to import and assign a new alias name to the imported certificate (for example: rapidssl_2014-2016).
- Enter the password for the PFX file once again and click OK.
- Click Save to save the changes to the WebSphere Application Server master configuration.
- Refresh the web page and check that the new SSL certificate is installed correctly in Integrated Solution Console.
- Open Tivoli Integrated Portal and also check that the new SSL certificate is installed correctly.
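A pre-import check for the line-ending requirement on the PEM files listed under "You need", as an added example that is not part of the original post. The function names are hypothetical; pass the files to check as arguments (for example the /tmp/ssl paths used above).

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.
# Usage: sh check_pem.sh /tmp/ssl/GeoTrust_Root.pem /tmp/ssl/RapidSSL_Interm.pem

# has_cr FILE: succeeds if FILE contains at least one CR byte.
has_cr() {
    [ $(tr -cd '\r' < "$1" | wc -c) -gt 0 ]
}

# is_pem_cert FILE: succeeds if FILE has at least one BEGIN CERTIFICATE marker
# and the same number of END CERTIFICATE markers.
is_pem_cert() {
    b=$(grep -c -- '-----BEGIN CERTIFICATE-----' "$1" 2>/dev/null || true)
    e=$(grep -c -- '-----END CERTIFICATE-----' "$1" 2>/dev/null || true)
    [ "${b:-0}" -gt 0 ] && [ "${b:-0}" -eq "${e:-0}" ]
}

# normalize_pem FILE: convert CR+LF to LF in place, for PEM text only.
# Returns 0 = already LF, 1 = converted, 2 = not a PEM certificate.
# Non-PEM files are left untouched: a PFX is binary, and removing CR bytes
# from it would corrupt the key store.
normalize_pem() {
    is_pem_cert "$1" || return 2
    has_cr "$1" || return 0
    tmp="$1.lf.$$"
    # Base64 PEM text never contains a legitimate CR, so deleting all is safe.
    tr -d '\r' < "$1" > "$tmp" && mv "$tmp" "$1"
    return 1
}

# Report on every file given on the command line (does nothing without arguments).
for f in "$@"; do
    normalize_pem "$f"
    case $? in
        0) echo "$f: PEM certificate, already LF" ;;
        1) echo "$f: PEM certificate, converted CR+LF to LF" ;;
        *) echo "$f: not a PEM certificate, left unchanged" ;;
    esac
done
```

Run it on the PEM files before the import steps; the PFX can be passed too and will be reported as left unchanged.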