Certificate replacement allows replacement of all certificates by new ones.
You may want to do this because:
The existing certificates have expired, or are about to expire.
Both server certificates and CA (trust) certificates have defined lifespans. Once they expire connections using those certificates will no longer work.
Your organization has a policy requiring a different certificate expiry from the default provided by the BI configuration assistant.
The security of the existing certificates and keys has been compromised.
Assumptions:
You run commands from the master host.
This is an offline operation.
To replace the certificates:
Post conditions
The domain now runs with SSL, and uses the new certificates. Servers will not connect to a WebLogic instance using the old trust.
You can run the ssl.sh expiry
command to list the new certificates with the new expiry date.