Replacing and renewing a certificate for a single Gateway Server

Replacing or renewing a certificate is similar to importing it for the first time, but you also replace the old certificate with the new one.

Before you begin

You have received the signed certificate from the certificate authority. You have determined whether the certificate is signed by a root CA or an intermediate CA. If the certificate was signed by an intermediate CA, then you have imported into the keystore all intermediate CA certificates. Now you are ready to import the signed certificate itself into the keystore.

About this task

WebSphere® Application Server can receive only those certificates that are generated by a WebSphere Application Server certificate request. It cannot receive certificates that are created with certificate requests from other keystore tools, such as iKeyman and keyTool. The keystore must contain the certificate request that was created and sent to the CA. This means that you cannot import a certificate to the keystore if the keystore does not contain the original certificate request.

Make sure the certificate file you have received does not contain any text lines before the "-----BEGIN CERTIFICATE-----" line. These lines can cause the certificate import process to fail, and therefore you must delete these lines if they are present in the certificate file.
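A pre-import check for the requirement above, as an added example that is not part of the original documentation. The function name and the sample input are hypothetical: it drops every line before the first BEGIN line and confirms that the remaining block is well-formed Base64 data before you point the console at the file.

```python
import base64

BEGIN = "-----BEGIN CERTIFICATE-----"
END = "-----END CERTIFICATE-----"

def clean_certificate_text(text):
    """Return (cleaned_text, removed_lines) for a Base64-encoded certificate file.

    Drops every line before the first BEGIN line, normalises line endings,
    and checks that the first block is Base64 wrapping a DER SEQUENCE (0x30).
    """
    lines = text.lstrip("\ufeff").splitlines()  # tolerate a UTF-8 BOM and CRLF
    starts = [i for i, line in enumerate(lines) if line.strip() == BEGIN]
    if not starts:
        raise ValueError("no BEGIN CERTIFICATE line found")
    first = starts[0]
    removed = [line for line in lines[:first] if line.strip()]
    kept = [line.strip() for line in lines[first:]]
    if END not in kept:
        raise ValueError("no END CERTIFICATE line found")
    body = "".join(kept[1:kept.index(END)])
    der = base64.b64decode(body, validate=True)  # raises on non-Base64 text
    if not der.startswith(b"\x30"):
        raise ValueError("decoded data is not a DER SEQUENCE")
    return "\n".join(kept) + "\n", removed

# Constructed sample: placeholder bytes, not a real certificate.
_FAKE_DER = b"\x30\x82\x00\x3c" + bytes(60)
_B64 = base64.b64encode(_FAKE_DER).decode()
SAMPLE = (
    "Certificate issued by Example CA\r\n"
    "subject=CN=gateway.example.com\r\n"
    f"{BEGIN}\r\n{_B64[:64]}\r\n{_B64[64:]}\r\n{END}\r\n"
)

if __name__ == "__main__":
    cleaned, removed = clean_certificate_text(SAMPLE)
    print(f"removed {len(removed)} line(s) before BEGIN: {removed}")
    print(cleaned, end="")
```

Write the cleaned text to a new file and keep the file as received from the CA unchanged, so the original remains available for comparison.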

Procedure

  1. Log in to the Integrated Solutions Console.
  2. Click Security > SSL certificate and key management > Related items > Key stores and certificates > NodeDefaultKeyStore.
  3. In the Additional Properties section, click Personal certificates.
  4. Click Receive a certificate from a certificate authority.
  5. Type the full path and name of the certificate file. For example, on Windows: c:\mycertificate.cer
  6. Do not change the default data type on the list (Base64-encoded ASCII Data).
  7. Click Apply and Save.
  8. From the Integrated Solutions Console, click Security > SSL certificate and key management > Key stores and certificates.
  9. Select the keystore that contains the new and old certificates.
  10. Select the old certificate and click Replace.
  11. Verify that the old certificate is listed in the Old certificate field.
  12. Select the new certificate from the "Replace with" list.
  13. Click OK and Save.
  14. Restart the Sametime® Gateway Server.

    For a stand-alone server: restart the single Java process.

    For a cluster configuration: restart the DMGR, STGW servers, XMPP proxies, SIP Proxies.

    You do not need to restart the node agents.