The old and the new certificates may appear within their own begin and end headers in the inter-servercertificate property to support transitioning from the old certificate to the new one.

  1. Export the server's old ads-certificate into old-ads.crt:
    manage-certificates export-certificate \
      --keystore ads-truststore \
      --keystore-password-file \
      --alias ads-certificate \
      --output-file old-ads.crt
  2. Concatenate the old, new certificate, and issuer certificates into one file.
    • On Windows, use an editor like notepad.
    • On Unix platforms, run the command
      $ cat old-ads.crt new-ads.crt intermediate.crt root-ca.crt > chain.crt
  3. Update the inter-server-certificate property for the server instance in the topology registry using dsconfig:
    $ bin/dsconfig -n set-server-instance-prop \
      --instance-name <instance-name> \
      --set “inter-server-certificate<chain.crt”