Replacing your existing SSL certificates

Use the instructions in this topic to replace your existing SSL certificates. For example, if your existing certificate has expired or you want to replace your existing certificate with a new one.

For the RPM Requester UI, see Replacing the SSL certificate in the RPM Requester UI

Replacing the SSL certificate in the RPM Classic UI

Do the following:

  1. Stop the RPM service.
  2. Generate the certificate keystore if it is not generated already. For instructions, see Enabling-HTTPS-SSL-on-existing-instance.
  3. Copy the keystore file generated in step 2 to the RLMhome/server/jboss/standalone/configuration directory.

  4. In the RLMhome/server/jboss/standalone/configuration directory, open the file corresponding to your environment, in a text editor:

    Configuration

    Deployment

    File

    HTTP

    Non-high-availability

    standalone-full.xml

    High-availability

    standalone-full-ha.xml

    HTTPS

    Non-high-availability

    standalone-full-https.xml

    High-availability

    standalone-full-ha-https.xml

  5. Change the keystore password, filename, and alias name, as follows:

    1. Locate the rpmKeyStore keyword as shown below:

      <key-store name="rpmKeyStore" alias-filter="brpm_ssl">
          <credential-reference clear-text="password"/>
          <implementation type="JKS"/>
          <file path="test.keystore" relative-to="jboss.server.config.dir"/>
      </key-store>
    2. To change the keystore password, change password in <credential-reference clear-text="password"/>.
    3. To change the keystore file name, change path in <file path="test.keystore" relative-to="jboss.server.config.dir"/>.
    4. To change the SSL alias name, change alias-filter in <key-store name="rpmKeyStore" alias-filter="brpm_ssl">.
  6. Change the rpmKeyManager password, as follows:

    1. Locate the rpmKeyManager keyword, as shown below:

      <key-manager name="rpmKeyManager" key-store="rpmKeyStore">
          <credential-reference clear-text="password"/>
      </key-manager>
    2. Change the password in <credential-reference clear-text="password"/>.
  7. Save the file.
  8. Start the RPM service.

Replacing the SSL certificate in the RPM Requester UI

Do the following:

  1. Stop the Requester UI service.
  2. Navigate to the <RLMUI_HOME>/apache/conf directory and open the httpd.conf file with a text editor.
  3. Locate the SSLCertificateKeyFile keyword.
  4. Change its value to the certificate keyfile path where you have installed the new certificate, as follows:
    SSLCertificateKeyFile "<SSLcertDirPath>/requester.key"
  5. Locate the SSLCertificateFile keyword.
  6. Change its value to the certificate file location where you have installed the new certificate, as follows:
    SSLCertificateFile "<SSLcertDirPath>/requester.crt"
  7. Save the file.
  8. Navigate to the <RLMUI_HOME>/apache/conf directory.
  9. Set the certificate file password, as follows:
    1. Navigate to the <RLMUI_HOME>/apache/conf directory.
    2. Open the passphrase-script.bat with a text editor.
    3. In the following line, set the password:
      echo "<password>"
    4. Save the script.
  10. Start the Requester UI service.

 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*