How to replace the vApp Wildfly SSL Certificates



Article ID: 213480




CA Identity Manager


When following the documented instructions (see link below), the CA Identity Manager Virtual Appliance (vApp) will not import a self-signed certificate correctly. The certificate is either ignored or it stops the WildFly server from starting.

Are there any additional steps required to replace the out-of-the-box (OOTB) certificates with self-signed certificates?


Release : 14.4, 14.4.1

Component : IdentityMinder(Identity Manager)


The correct process to replace the WildFly certificates is as follows:

1. When you generate the self-signed certificate, you must export it together with the private key in PKCS12 format. Set the password to "changeit". Unfortunately, this is hard-coded in IM and cannot be changed.

2. Stop IM

3. Remove the existing caim-srv from


4. Copy your self-signed certificate into the above folder as caim-srv.

5. Restart IM
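Steps 1 and 4 can be prepared and pre-checked with OpenSSL before IM is stopped. The following is an added example, not part of the original article or the product: it assumes `openssl` (1.1.1 or later) is available, and the function names and the hostname passed in are hypothetical. The destination folder on the vApp is not included because the article does not state it.

```shell
#!/bin/sh
# Added example: build the PKCS12 file named caim-srv and verify it is
# usable before copying it to the vApp.
STOREPASS='changeit'   # fixed value required by IM, per step 1

# make_bundle HOST DIR: self-signed cert + private key -> DIR/caim-srv
make_bundle() {
    host=$1; dir=$2
    openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
        -subj "/CN=$host" -addext "subjectAltName=DNS:$host" \
        -keyout "$dir/key.pem" -out "$dir/cert.pem" 2>/dev/null || return 1
    openssl pkcs12 -export -inkey "$dir/key.pem" -in "$dir/cert.pem" \
        -out "$dir/caim-srv" -passout "pass:$STOREPASS" || return 1
    rm -f "$dir/key.pem"        # key now exists only inside the bundle
    chmod 600 "$dir/caim-srv"   # password is a fixed known value, so restrict the file
}

# check_bundle FILE: 0 = usable, 2 = not PKCS12 or wrong password,
# 3 = certificate or private key missing, 4 = key does not match certificate
check_bundle() {
    f=$1
    cert=$(openssl pkcs12 -in "$f" -passin "pass:$STOREPASS" -nokeys 2>/dev/null) || return 2
    key=$(openssl pkcs12 -in "$f" -passin "pass:$STOREPASS" -nocerts -nodes 2>/dev/null) || return 2
    case $cert in *"BEGIN CERTIFICATE"*) ;; *) return 3 ;; esac
    case $key in *"PRIVATE KEY"*) ;; *) return 3 ;; esac
    # Compare the public key in the certificate with the one derived from the key.
    cpub=$(printf '%s\n' "$cert" | openssl x509 -noout -pubkey 2>/dev/null) || return 4
    kpub=$(printf '%s\n' "$key" | openssl pkey -pubout 2>/dev/null) || return 4
    [ "$cpub" = "$kpub" ] || return 4
    return 0
}

# Usage: make_bundle myhost.example.test /tmp/work && check_bundle /tmp/work/caim-srv
```

A non-zero result from `check_bundle` points to one of the conditions in step 1 not being met: the file is not PKCS12, the password is not "changeit", or the private key was not exported with the certificate.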

This will only change the 8443 connection. In other words, if you access IM directly (https://<myurl>:8443/iam/im/identityEnv), you will see the certificate that you just imported.

If you go via the Dashboard (which uses https://<myurl>:10443/iam/im/identityEnv), the default CA certificate is used. If you wish to replace the Virtual Appliance (vApp) Web UI SSL certificate, please refer to the documentation link below.