How to update a Spectrum HTTPS certificate that is getting ready to expire
search cancel

How to update a Spectrum HTTPS certificate that is getting ready to expire

book

Article ID: 260056

calendar_today

Updated On:

Products

Spectrum

Issue/Introduction

How do I update a Spectrum HTTPS certificate that is getting ready to expire

Resolution

1. Generate a CSR:

/usr/Spectrum/java/bin/keytool -certreq -keystore /usr/Spectrum/custom/keystore/cacerts -storepass changeit -ext SAN=dns:[FQHN] -alias tomcatssl -keypass changeit -file /tmp/Spectrum.csr

2. Take the /tmp/Spectrum.csr to your Certificate Authority and have it signed and transfer the resultant files to the Spectrum server.

3. Take a backup of the existing cacerts keystore:

cp /usr/Spectrum/custom/keystore/cacerts /usr/Spectrum/custom/keystore/cacerts.bak

4. Import the server certificate into the keystone to update the certificate:

/usr/Spectrum/java/bin/keytool -import -keystore /usr/Spectrum/custom/keystore/cacerts -storepass changeit -alias tomcatssl -file /tmp/Spectrum.cer

5. Restart tomcat and webtomcat:

/usr/Spectrum/tomcat/bin/stopTomcat.sh; /usr/Spectrum/webtomcat/bin/stopWebTomcat.sh; /usr/Spectrum/tomcat/bin/startTomcat.sh; /usr/Spectrum/webtomcat/bin/startWebTomcat.sh