Replace the Certificates
Certificate replacement allows replacement of all certificates by new ones.
You may want to do this because:
-
The existing certificates have expired, or are about to expire.
Both server certificates and CA (trust) certificates have defined life spans. Once they expire connections using those certificates do not work.
-
Your organization has a policy requiring a different certificate expiry from the default provided by the BI configuration assistant.
-
The security of the existing certificates and keys has been compromised.
Assumptions:
-
You run commands from the primary host.
-
This is an offline operation.
Post conditions
The domain now runs with SSL, and uses the new certificates. Servers will not connect to a WebLogic instance using the old trust.
You can run the ssl.sh expiry
command to list the new certificates with the new expiry date.