Friday, 28 September 2012

Managing and Replacing WebSphere 6.1 SSL Certificates

This post makes reference to an issue that a friend of mine saw recently with expired self-signed SSL certificates. 

In essence, WAS was complaining that one of the internal certificates had expired - the certificate in question was located here: -

/opt/WebSphere/AppServer/profiles/dmgr/etc/trust.p12

It turned out that he had automatic certificate replacement enabled, which had resulted in the Deployment Manager having an up-to-date certificate, but that on the Node Agent was still out-of-date.

The solution was to manually synchronise the node with the cell, using the syncNode.sh script.

There was a webcast, back in 2008 (!), covering this area, where my IBM colleague, Brett Ostrander, walked through the problem and solution of replacing WAS 6.1 certificates.

The webcast replay is here: -



Definitely worth a read - an oldie but goodie.

No comments: