If a personal certificate has been compromised or is about to expire, then it should be
renewed. Renewing a certificate recreates the certificate with all the information from the original
certificate, but with a new expiration period and public/private key pair. Only self-signed
certificates and chained certificates created by WebSphere® can be renewed. If the certificate used to sign
the chained certificate is not in the root keystore then the default root certificate is used to
renew the certificate.
Before you begin
You use the administrative console to renew the certificate.
Procedure
-
Click Security > SSL certificate and key management.
-
Under Related Items, click Key stores and certificates.
-
Click the appropriate <keystore name> to which you want to add the new
certificate.
Note: Only self-signed certificates and chained certificates signed with root certificates from the
root keystore can be renewed.
-
Under Additional Properties, click Personal certificates to list the personal
certificates.
-
Select a personal certificate from the list.
-
Click the Renew button.
-
Click Apply then OK.
Results
The certificate is renewed in the key store selected in the path to this panel. If the
certificate is not a self-signed certificate or a chained certificate signed with a root certificate
from the default root store, an error is returned.Note: If this command is used with a CA
certificate, an error occurs.