Replacing your existing SSL certificates


Use the instructions in this topic to replace your existing SSL certificates, for example, when your existing certificate has expired or you want to replace it with a new one.

Depending on the RPM version you are using, use one of the procedures below to replace your existing certificates in the RPM Classic UI.

For the RPM Requester UI, see Replacing the SSL certificate in the RPM Requester UI.

Replacing the SSL certificate in the RPM Classic UI in 5.0.03.004 and later versions

Do the following:

  1. Stop the RPM service.
  2. Generate the certificate keystore if it is not generated already. For instructions, see Enabling-HTTPS-SSL-on-existing-instance.
  3. Copy the keystore file generated in step 2 to the RLMhome/server/jboss/standalone/configuration directory.
  4. In the RLMhome/server/jboss/standalone/configuration directory, open the standalone-full.xml file (for cluster installation, the standalone-full-ha.xml file) with a text editor.
  5. Change the keystore password, filename, and alias name, as follows:
    1. Locate the rpmKeyStore keyword as shown below:

      <key-store name="rpmKeyStore" alias-filter="brpm_ssl">
          <credential-reference clear-text="password"/>
          <implementation type="JKS"/>
          <file path="test.keystore" relative-to="jboss.server.config.dir"/>
      </key-store>
    2. To change the keystore password, change password in <credential-reference clear-text="password"/>.
    3. To change the keystore file name, change path in <file path="test.keystore" relative-to="jboss.server.config.dir"/>.
    4. To change the SSL alias name, change alias-filter in <key-store name="rpmKeyStore" alias-filter="brpm_ssl">.
  6. Change the rpmKeyManager password, as follows:
    1. Locate the rpmKeyManager keyword, as shown below:

      <key-manager name="rpmKeyManager" key-store="rpmKeyStore">
          <credential-reference clear-text="password"/>
      </key-manager>
    2. Change the password in <credential-reference clear-text="password"/>.
  7. Save the file.
  8. Start the RPM service.
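
A pre-start check for steps 3 to 6 above, as an added example that is not part of the original documentation: it parses the edited file and reports a missing keystore file, alias filter or password, or an rpmKeyManager that no longer points at rpmKeyStore. The function names, the sample wrapper element and the messages are assumptions; only the clear-text credential form shown above is checked.

```python
import os
import xml.etree.ElementTree as ET

# Constructed sample: the page's two elements inside a made-up <tls> root.
SAMPLE = """<tls>
  <key-store name="rpmKeyStore" alias-filter="brpm_ssl">
    <credential-reference clear-text="password"/>
    <implementation type="JKS"/>
    <file path="test.keystore" relative-to="jboss.server.config.dir"/>
  </key-store>
  <key-manager name="rpmKeyManager" key-store="rpmKeyStore">
    <credential-reference clear-text="password"/>
  </key-manager>
</tls>"""

def _find(root, tag, name=None):
    """First element with this local tag (any XML namespace) and, if given, name attribute."""
    for el in root.iter():
        if el.tag.rsplit("}", 1)[-1] == tag and name in (None, el.get("name")):
            return el
    return None

def check_keystore_config(xml_text, config_dir):
    """Return a list of problems; an empty list means the edits are consistent."""
    root = ET.fromstring(xml_text)
    problems = []
    found = {}
    for tag, name in (("key-store", "rpmKeyStore"), ("key-manager", "rpmKeyManager")):
        el = found[name] = _find(root, tag, name)
        if el is None:
            problems.append(f"{tag} {name} not found")
            continue
        cred = _find(el, "credential-reference")
        if cred is None or not cred.get("clear-text"):
            problems.append(f"{name} has no clear-text password")
    ks, km = found["rpmKeyStore"], found["rpmKeyManager"]
    if ks is not None:
        if not ks.get("alias-filter"):
            problems.append("rpmKeyStore has no alias-filter")
        file_el = _find(ks, "file")
        path = file_el.get("path") if file_el is not None else None
        if not path:
            problems.append("rpmKeyStore has no file path")
        elif (file_el.get("relative-to") == "jboss.server.config.dir"
              and not os.path.isfile(os.path.join(config_dir, path))):
            problems.append(f"keystore file {path} is not in {config_dir}")
    if km is not None and km.get("key-store") != "rpmKeyStore":
        problems.append("rpmKeyManager does not reference rpmKeyStore")
    return problems
```

Call check_keystore_config with the contents of standalone-full.xml and the path of the configuration directory before step 8; an empty list means the entries agree with the copied keystore.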

Replacing the SSL certificate in the RPM Classic UI in 5.0.03.003 and earlier versions

Do the following:

  1. Stop the RPM service.
  2. Generate the certificate keystore if it is not generated already. For instructions, see Enabling-HTTPS-SSL-on-existing-instance.
  3. Copy the keystore file generated in step 2 to the RLMhome/server/jboss/standalone/configuration directory.
  4. In the RLMhome/server/jboss/standalone/configuration directory, open the standalone.xml file (for cluster installation, the standalone-ha.xml file) with a text editor.
  5. Change the keystore file path and password:
    1. Locate the certificate-key-file keyword as shown below:

      <ssl certificate-key-file="<RLMHome>/server/jboss/standalone/configuration/.keystore" cipher-suite="TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, ...." key-alias="brpm_ssl" name="ssl" password="password" protocol="TLSv1.2" verify-client="false"/>
    2. To change the keystore password, change the value of the password attribute.
    3. To change the keystore file name and path, change the value of the certificate-key-file attribute.
  6. Save the file.
  7. Start the RPM service.

Replacing the SSL certificate in the RPM Requester UI

Do the following:

  1. Stop the Requester UI service.
  2. Navigate to the <RLMUI_HOME>/apache/conf directory and open the httpd.conf file with a text editor.
  3. Locate the SSLCertificateKeyFile keyword.
  4. Change its value to the path of the certificate key file where you have installed the new certificate, as follows:
    SSLCertificateKeyFile "<SSLcertDirPath>/requester.key"
  5. Locate the SSLCertificateFile keyword.
  6. Change its value to the certificate file location where you have installed the new certificate, as follows:
    SSLCertificateFile "<SSLcertDirPath>/requester.crt"
  7. Save the file.
  8. Navigate to the <RLMUI_HOME>/apache/conf directory.
  9. Set the certificate file password, as follows:
    1. Navigate to the <RLMUI_HOME>/apache/conf directory.
    2. Open the passphrase-script.bat with a text editor.
    3. In the following line, set the password:
      echo "<password>"
    4. Save the script.
  10. Start the Requester UI service.

 
