How to replace the default self-signed Policy Manager certificate with a trusted certificate authority (CA) created certificate?

How to replace the default self-signed Policy Manager certificate with a trusted certificate authority (CA) created certificate? - F-Secure Community

Issue:

Steps to replace default self-signed Policy Manager certificate with a trusted certificate authority (CA) created certificate

Resolution:

Assume that you have:

The signed or maybe self-signed certificate (with full chain of intermediate CA) and private key for it inside PKCS12 keystore.
It is protected with password "srcpassword"
Your certificate and the private key are referenced by name (alias) "server".
The keystore file is "server.p12" and it is located in the same directory as "fspms.jks".

Steps to replace the default Policy Manager certificate:

Launch an elevated command prompt
Go to the directory where "fspms.jks" is located by the typing the following command:


"C:\Program Files (x86)\F-Secure\Management Server 5\jre\bin\keytool" -importkeystore 
-destkeystore fspms.jks -deststorepass superPASSWORD -destalias fspms -destkeypass superPASSWORD 
-srckeystore server.p12 -srcstoretype PKCS12 -srcstorepass srcpassword -srcalias server

You are replacing certificate in "fspms.jks" so following message will appear:


Existing entry alias server exists, overwrite? [no]:

Type "yes" and hit enter.
Restart Policy Manager server to start using the new certificate.

NOTE: When you execute importkeystore command pay attention to "-destkeypass", it should be same as "-deststorepass". If you forget to insert proper "-destkeypass", the command can complete successfully but problems on Policy Manager server startup may occur.

Article no: 000021509