We are currently planning to renew the web certificate of our Operator Console and Admin Console. Our current certificate will expire soon.

Can I pre-create the Operator Console / Admin Console WASP.KEYSTORE file outside of the D:\Nimsoft\probes\service\wasp\conf folder? eg. D:\Temp folder

Basically, this is our plan,

1. Generate Certificate Signing Request (CSR) using java keytool in UIM with the command below
Command -> keytool.exe -certreq -alias wasp -validity 730 -keystore D:\Nimsoft\probes\service\wasp\conf\wasp.keystore -dname "CN=Server1.xxx.yyy.zzz.SG,O=xxx.yyy.zzz.SG,OU=xxx.yyy.zzz.SG,L=SG,ST=SG,C=SG" -ext "SAN=DNS:Server1.xxx.yyy.zzz.SG,DNS:Server1,IP:10.aaa.bbb.ccc" -file D:\Temp\Server1.xxx.yyy.zzz.SG.CSR

2. Get "Server1.xxx.yyy.zzz.SG.CSR" certificate file signed by our CA server

3. Once signed, we will get back the "Server1.xxx.yyy.zzz.SG.CER" signed certificate file

4. Backup the original WASP.KEYSTORE file in D:\Nimsoft\probes\service\wasp\conf to D:\Cert_Backup folder

5. Copy the original WASP.KEYSTORE file in D:\Nimsoft\probes\service\wasp\conf and Server1.xxx.yyy.zzz.SG.CER signed certificate files to D:\Temp folder

6. Use the below command to import the signed CER certificate into the WASP.KEYSTORE file
Command -> keytool.exe -import -trustcacerts -alias wasp -file D:\Temp\Server1.xxxx.yyy.zzz.SG.CER -keystore D:\Temp\wasp.keystore

7. At a later date, copy D:\Temp\wasp.keystore file to D:\Nimsoft\probes\service\wasp\conf folder

Do we need to restart the WASP probe after replacing the original WASP.KEYSTORE with the new WASP.KEYSTORE copied from D:\Temp folder or relaunch the OC/AC web console will do?

You can pre-create. When https is enabled it will check the certificate in wasp.keystore file in the path wasp\conf folder. However, you do have to restart wasp after replacing wasp.keystore with the new one.