Updating the server configuration to use the new certificate
To update the server to use the desired key-pair, you must update the
inter-server-certificate property for the server instance in the topology registry.
About this task
The old and the new certificates can appear within their own begin and end headers in the inter-servercertificate property to support transitioning from the old certificate to the new one.
Steps
-
Export the server’s old ads-certificate into
old-ads.crt:manage-certificates export-certificate \ --keystore ads-truststore \ --keystore-password-file ads-truststore.pin \ --alias ads-certificate \ --output-file old-ads.crt
-
Concatenate the old, new certificate, and issuer certificates into one file.
Choose from:
-
On Windows, use an editor like notepad.
-
On Unix platforms, run the command
$ cat old-ads.crt new-ads.crt intermediate.crt root-ca.crt > chain.crt
-
-
Update the
inter-server-certificateproperty for the server instance in the topology registry usingdsconfig:$ bin/dsconfig -n set-server-instance-prop \ --instance-name <instance-name> \ --set “inter-server-certificate<chain.crt”