Before updating the server to use the appropriate key pair, update the inter-server-certificate property for the server instance in the topology registry. To support the transition from an existing certificate to a new one, earlier and newer certificates might appear within their own beginning and ending headers in the inter-server-certificate property.

To update the server configuration to use the new certificate, perform the following steps:

  1. Export the server’s previous ads-certificate into old-ads.crt, as follows:
    manage-certificates export-certificate \
      --keystore ads-truststore \
      --keystore-password-file ads-truststore.pin \
      --alias ads-certificate \
      --output-file old-ads.crt
  2. Concatenate the previous and new certificate into one file.
    On Windows, use a text editor like Notepad. On Unix, use the following command:
    cat old-ads.crt new-ads.crt > old-new-ads.crt
  3. Use dsconfig to update the inter-server-certificate property for the server instance in the topology registry, as follows:
    $ bin/dsconfig -n set-server-instance-prop \
      --instance-name <instance-name> \
      --set "inter-server-certificate<old-new-ads.crt"