If a personal certificate has been compromised or is about
to expire, then it should be renewed. Renewing a certificate recreates
the certificate with all the information from the original certificate,
but with a new expiration period and public/private key pair. Only
self-signed certificates and chained certificates created by WebSphere® can be renewed. If the certificate
used to sign the chained certificate is not in the root keystore then
the default root certificate is used to renew the certificate.
Before you begin
You use the administrative console to renew the certificate.
Procedure
- Click Security > SSL certificate and key management.
- Under Related Items, click Key stores and certificates.
- Click the appropriate <keystore name> to which
you want to add the new certificate.
Note: Only self-signed
certificates and chained certificates signed with root certificates
from the root keystore can be renewed.
- Under Additional Properties, click Personal certificates to
list the personal certificates.
- Select a personal certificate from the list.
- Click the Renew button.
- Click Apply then OK.
Results
The certificate is renewed in the key store selected in the
path to this panel . If the certificate is not a self-signed certificate
or a chained certificate signed with a root certificate from the default
root store, an error is returned.Note: If this command is used with
a CA certificate, an error occurs.