Issue:
Steps to replace default self-signed Policy Manager certificate with a trusted certificate authority (CA) created certificate
Resolution:
Assume that you have:
- The signed or maybe self-signed certificate (with full chain of intermediate CA) and private key for it inside PKCS12 keystore.
- It is protected with password "srcpassword"
- Your certificate and the private key are referenced by name (alias) "server".
- The keystore file is "server.p12" and it is located in the same directory as "fspms.jks".
Steps to replace the default Policy Manager certificate:
- Launch an elevated command prompt
- Go to the directory where "fspms.jks" is located by the typing the following command:
- You are replacing certificate in "fspms.jks" so following message will appear:
- Type "yes" and hit enter.
- Restart Policy Manager server to start using the new certificate.
NOTE: When you execute importkeystore command pay attention to "-destkeypass", it should be same as "-deststorepass". If you forget to insert proper "-destkeypass", the command can complete successfully but problems on Policy Manager server startup may occur.
Article no: 000021509