Changing WS 7 Admin Server Certificate

This is probably not supported and the WS team might slap me, but... Occasionally I install an instance of WS 7 on a host, and later rename the host. Usually because the server gets pushed to our production data-center, and thus, gets a new name.

When this happens, The subject name in the admin server certificate becomes invalid, because it essentially should be the host-name, and when the host-name you access the server doesn't match what is presented in the certificate, the web client (Firefox for example) tells you and asks for you to accept this.

Its a minor annoyance, but it bugs me none-the-less. So I poked around and figured out how to change it. Its pretty simple really, just use the certutil command-line tool included with WS 7. Specifically, here's what I did.

Go to the Admin Server's config folder

cd $WS_HOME/admin-server/config

Add the Admin Server's bin folder to your path

setenv PATH=$WS_HOME/bin:$PATH

Delete the old certificate, named Admin-Server-Cert

certutil -L -d . -n Admin-Server-Cert

Create the new certificate, specifying the new hostname in the -s parameter

certutil -S -d . -n Admin-Server-Cert -t u,u,u -s "CN=some.host.com" -c Admin-CA-Cert -v 120

Last, you will probably need to change any references to the old host-name to the new name in server.xml

Comments:

Correction to the Delete the old certificate, named Admin-Server-Cert

certutil -D -d . -n Admin-Server-Cert

Posted by guest on March 16, 2010 at 10:12 AM PDT #

Post a Comment:
  • HTML Syntax: NOT allowed
About

mock

Search

Top Tags
Categories
Archives
« April 2014
SunMonTueWedThuFriSat
  
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
   
       
Today
Bookmarks
Blogroll

No bookmarks in folder