IBM Support

How do I extend the expiration of the default SSL Certificate for the WebSphere Application Server?

Troubleshooting


Problem

The default WebSphere SSL Certificate expires after 365 days. For a backup or HA cold-standby Services Tier system, you may not notice that the certificate has expired until you attempt to use the fallback option.

Resolving The Problem

It is not possible to extend the expiration of the existing certificate, as that would be a violation of the integrity of the certificate. That leaves two possible alternatives:




If you choose the latter, replacing the default certificate, note that the expiration is set in the 'Validity period' field of the new certificate during step number 5 of the process in the TechNote. You will still need to renew or replace the certificate after the specified expiration, but you can set the expiration for a much longer period, up to 7300 days (20 years). This allows for less frequent replacements.

For the other fields in the replacement certificate you may copy the information from the existing default certificate, or adjust as appropriate for your environment.

In either case, whether you renew or replace the default certificate, you may need to accept the new certificate into the WebSphere and Information Server truststores. If such an update is required, you will be asked to accept the new certificate the first time you run the WebSphere command line tools (wsadmin, stopServer, startServer, et cetera) or the IIS command line tools. It is possible to preemptively update the certificate in the IIS truststores with the UpdateSignerCerts command. For each ASBNode or ASBServer, run the following UpdateSignerCerts command to update the truststores with the new certificate:

<IIS_home_path>/ASBServer/bin/UpdateSignerCerts[.sh|.bat] -url https://{hostname:port} -user IIS_admin_user -password IIS_admin_password
<IIS_home_path>/ASBNode/bin/UpdateSignerCerts[.sh|.bat] -url https://{hostname:port} -user IIS_admin_user -password IIS_admin_password


Note: Each command mentioned in the preceding section will have a shell (.sh) extension on Linux / UNIX-based platforms, and a batch (.bat) extension on Windows-based platforms.
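
To keep an expiry on a backup or cold-standby system from going unnoticed, and to confirm the new expiration after a renewal or replacement, the remaining validity can be checked on a schedule. The script below is an added example, not IBM code; it assumes the openssl command-line tool is installed, and its function names, exit codes and 30-day default warning window are the example's own.

```shell
#!/bin/sh
# Added example (not IBM code): report how close a TLS certificate is to expiry.
# Function names, exit codes and the 30-day default are this example's own.

# fetch_cert HOST PORT OUTFILE: save the certificate the server presents as PEM.
# Nothing is verified here, so it also works for a self-signed default cert.
fetch_cert() {
    openssl s_client -connect "$1:$2" -servername "$1" </dev/null 2>/dev/null |
        openssl x509 -outform PEM -out "$3" 2>/dev/null
}

# cert_status PEM_FILE [WARN_DAYS]
# returns 0 = valid beyond WARN_DAYS, 1 = expires within WARN_DAYS,
#         2 = already expired, 3 = file missing or not a certificate
cert_status() {
    pem=$1
    warn_days=${2:-30}
    if [ ! -r "$pem" ] || ! openssl x509 -noout -in "$pem" 2>/dev/null; then
        echo "UNREADABLE $pem"
        return 3
    fi
    end=$(openssl x509 -noout -enddate -in "$pem" | cut -d= -f2)
    if ! openssl x509 -noout -checkend 0 -in "$pem" >/dev/null; then
        echo "EXPIRED $pem (notAfter: $end)"
        return 2
    fi
    if ! openssl x509 -noout -checkend $((warn_days * 86400)) -in "$pem" >/dev/null; then
        echo "EXPIRING $pem (notAfter: $end)"
        return 1
    fi
    echo "OK $pem (notAfter: $end)"
    return 0
}

# Usage: sh cert_expiry.sh HOST PORT [WARN_DAYS]
if [ "$#" -ge 2 ]; then
    out=$(mktemp) || exit 3
    rc=0
    if fetch_cert "$1" "$2" "$out"; then
        cert_status "$out" "${3:-30}" || rc=$?
    else
        echo "UNREACHABLE $1:$2"; rc=3
    fi
    rm -f "$out"
    exit "$rc"
fi
```

When the standby server is not running and cannot be queried over the network, `cert_status` can be run directly against a PEM copy of its certificate.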

Document Information

Modified date:
16 June 2018

UID

swg21974440