Running the UpdateSignerCerts command

For command-line tools to use an updated certificate, you can run the UpdateSignerCerts command so that the certificate is accepted permanently, and other tools can run without a prompt, making sure that non-attended script executions don't fail or wait for user input for the certificate prompt.

About this task

Run this command on each computer in your environment where the services, engine, and client tiers are installed. The command is found in the following locations:
Tier Location
Services IS_install_path/ASBServer/bin
Engine, Client IS_install_path/ASBNode/bin


  1. Run the command: -url https://hostname:port -user IS_admin_user -password IS_admin_password

    The host name of the IBM® InfoSphere® Information Server server, as specified in the common name of the certificate.
    The port number of the IBM InfoSphere Information Server server, specified during installation. The default port number is 9443.
    The InfoSphere Information Server administrator user name (isadmin).
    The password for the InfoSphere Information Server administrator user.
  2. If the SSL certificate has been properly changed on the server, you are prompted to accept the new certificate. After the prompt, enter 1 to accept the certificate permanently.
    An example prompt:
    The following certificate could not be verified: 
    Owner:, OU=Software Group, O=IBM, C=US
    Issuer:, OU=Software Group, O=IBM, C=US
    Serial number: 12A67955 
    Valid from: Oct 23 2013
    Expired to: Oct 21 2014
    SHA1 fingerprint: D2:57:88:57:AE:FD:E2:5D:B8:9B:7E:9D:B4:6F:64:46:15:42:D0:0E
    MD5 fingerprint: 39:9C:82:52:9C:CE:14:64:26:50:E2:F6:2A:19:B3:21
    Do you want to accept this certificate permanently (1), for this session only
    (2), or reject (3) it? (1/2/3):