How can I replace the default self-signed Policy Manager certificate with a trusted certificate authority (CA) created certificate?
Assume that you have:
- The signed or maybe self-signed certificate (with full chain of intermediate CA) and private key for it inside PKCS12 Keystore.
- It is protected with password "srcpassword"
- Your certificate and the private key are referenced by name (alias) "server".
- The Keystore file is "server.p12" and it is located in the same directory as "fspms.jks".
Steps to replace the default Policy Manager certificate:
- Launch an elevated command prompt
- Go to the directory where "fspms.jks" is located by typing the following command:
- You are replacing the certificate in "fspms.jks" so the following message will appear:
- Type "yes" and hit enter.
- Restart the Policy Manager server to start using the new certificate.
NOTE: When you execute the importkeystore command pay attention to "-destkeypass", it should be the same as "-deststorepass". If you forget to insert proper "-destkeypass", the command can complete successfully but problems on Policy Manager server startup may occur.
Article no: 000021509