Updating the server configuration to use the new certificate
To update the server to use the desired key-pair, you must update the
inter-server-certificate
property for the server instance in the topology registry.
About this task
The old and the new certificates can appear within their own begin and end headers in the inter-servercertificate
property to support transitioning from the old certificate to the new one.
Steps
-
Export the server’s old ads-certificate into
old-ads.crt
:manage-certificates export-certificate \ --keystore ads-truststore \ --keystore-password-file ads-truststore.pin \ --alias ads-certificate \ --output-file old-ads.crt
-
Concatenate the old, new certificate, and issuer certificates into one file.
Choose from:
-
On Windows, use an editor like notepad.
-
On Unix platforms, run the command
$ cat old-ads.crt new-ads.crt intermediate.crt root-ca.crt > chain.crt
-
-
Update the
inter-server-certificate
property for the server instance in the topology registry usingdsconfig
:$ bin/dsconfig -n set-server-instance-prop \ --instance-name <instance-name> \ --set “inter-server-certificate<chain.crt”