Changing WS 7 Admin Server Certificate
By me on Oct 02, 2008
This is probably not supported and the WS team might slap me, but... Occasionally I install an instance of WS 7 on a host, and later rename the host. Usually because the server gets pushed to our production data-center, and thus, gets a new name.
When this happens, The subject name in the admin server certificate becomes invalid, because it essentially should be the host-name, and when the host-name you access the server doesn't match what is presented in the certificate, the web client (Firefox for example) tells you and asks for you to accept this.
Its a minor annoyance, but it bugs me none-the-less. So I poked around and figured out how to change it. Its pretty simple really, just use the certutil command-line tool included with WS 7. Specifically, here's what I did.
Go to the Admin Server's config folder
Add the Admin Server's bin folder to your path
Delete the old certificate, named Admin-Server-Cert
certutil -L -d . -n Admin-Server-Cert
Create the new certificate, specifying the new hostname in the -s parameter
certutil -S -d . -n Admin-Server-Cert -t u,u,u -s "CN=some.host.com" -c Admin-CA-Cert -v 120
Last, you will probably need to change any references to the old host-name to the new name in server.xml