WebSphere Application Server & Liberty

  • 1.  Replacing Self Signed SSL Certificate Solely on Command Line

    Posted Tue January 25, 2022 06:40 PM
    I'm currently on WebSphere v7.2 and was wondering if it's possible to update a self-signed ssl certificate from the command line alone, or if the Admin Console is required to do this task.

    ------------------------------
    Cesar Garcia
    ------------------------------


  • 2.  RE: Replacing Self Signed SSL Certificate Solely on Command Line

    Posted Wed January 26, 2022 03:59 AM
    Hello Cesar,

    Check the wsadmin renewCertificate command.
    You can find the document about using it at:

    PersonalCertificateCommands command group for the AdminTask object
    https://www.ibm.com/docs/en/was/8.5.5?topic=tool-personalcertificatecommands-command-group-admintask-object#rxml_atpersonalcert__cmd19

    Best Regards

    ------------------------------
    MIGUEL ANGEL CAMACHO CABRERA
    ------------------------------
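
The wsadmin route pointed to in reply 2, as an added example that is not part of the original thread or taken from IBM's documentation: a Jython script that renews one personal certificate and saves the configuration. The keystore name, scope string and alias are assumed placeholders; `AdminTask.help('renewCertificate')` shows whether the command is available on your release.

```jython
# renew_cert.py -- added example; run with:
#   <WAS-HOME>/bin/wsadmin -lang jython -f renew_cert.py
#
# Assumed values, replace with your own. NodeDefaultKeyStore and the alias
# "default" are the names WebSphere normally creates for a profile; the
# scope string below is a placeholder for your cell and node names.
KEYSTORE = 'NodeDefaultKeyStore'
SCOPE = '(cell):myCell:(node):myNode'
ALIAS = 'default'

target = '[-keyStoreName %s -keyStoreScope %s -certificateAlias %s]' % (
    KEYSTORE, SCOPE, ALIAS)

# List what is in the keystore so the alias can be confirmed first.
print 'Personal certificates in %s:' % KEYSTORE
print AdminTask.listPersonalCertificates(
    '[-keyStoreName %s -keyStoreScope %s]' % (KEYSTORE, SCOPE))

# Record the certificate details (serial number, validity) before the change.
print 'Before renewal:'
print AdminTask.getCertificate(target)

# Replace the certificate under this alias with a newly generated one.
AdminTask.renewCertificate(target)

# Compare against the output above: the serial number and validity
# period should differ.
print 'After renewal:'
print AdminTask.getCertificate(target)

# Persist the change; unsaved changes are discarded when wsadmin exits.
AdminConfig.save()
print 'Configuration saved.'
```

Because the new certificate is self-signed, any client or server that trusted the old one needs the new signer added to its trust store before it can connect again.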



  • 3.  RE: Replacing Self Signed SSL Certificate Solely on Command Line

    Posted Wed January 26, 2022 10:22 AM

    Hello Cesar,

    I always use ikeyman that is shipped with java:

    .../java/bin/ikeycmd -cert -delete -label <myCertLabel> -db <mykeyStore> -pw <myKeyStorePWD>

    java/bin/ikeycmd -cert -add -file /tmp/<myCert>.der -label <myCertLabel> -format binary -db <mykeyStore> -type pkcs12

    Alternatively you can use the keytool shipped with java:

    <WAS-HOME>/java/bin/keytool

    ./keytool -help


    Hope that helps

    André



    ------------------------------
    Andre Jahn
    WebAdministrator
    Deutsche Bundesbank
    Duesseldorf
    1-555-555-5555
    ------------------------------



  • 4.  RE: Replacing Self Signed SSL Certificate Solely on Command Line

    Posted Wed January 26, 2022 12:47 PM
    Hello Cesar,
    Please can you check the WebSphere version again? Afaik there is no WebSphere Application Server v7.2? Are you maybe using a stacked product?

    Which self-signed certificate are you actually trying to replace? Can you give us more details please? A certificate used by WebSphere Application Server or a certificate used by the IBM HTTP Server? Which communication should be secured by that certificate?

    Maybe the Automatically replace expiring self-signed and chained certificates function (however not sure if it is available in v7 - too long ago) can help solve your problem?

    Thanks and have a good day - Hermann

    ------------------------------
    Hermann Huebler
    2innovate IT Consulting GmbH
    Vienna
    Austria

    #IBMChampion
    ------------------------------



  • 5.  RE: Replacing Self Signed SSL Certificate Solely on Command Line

    Posted Thu February 10, 2022 11:54 AM
    Hello Hermann,

    You are correct, it was actually 7.0.  I'm trying to replace the Self-Signed certificate to WebSphere, no HTTP Server.  I actually found out that I can activate the Admin Console after all, so will probably be looking for instructions for adding a new cert as well as Signing Cert.

    ------------------------------
    Cesar Garcia
    ------------------------------