Certificate authorities typically restrict the lifespans of the certificates that they sign. If you use a certification authority to issue listener certificates, you are likely replacing the certificates on a regular basis.
The replace-certificate tool performs the following steps:
- Obtain a new certificate chain.
- Make necessary updates to the key manager provider and the connection handler configurations
- Update the server instance listener configuration with the new certificate.
The replace-certificate tool offers the following modes of operation:
- Interactive mode
- Walks you through the process of obtaining a new certificate and installing it in the server. Interactive mode also displays the non-interactive commands that are required to achieve the same result.
- Non-interactive mode
- Useful when scripting the process of replacing a certificate.