WAS 6.0.2.19 ssl certificate update problem - Websphere

This is a discussion on WAS 6.0.2.19 ssl certificate update problem - Websphere ; Does anybody know what is the problem in the following situation? The old ssl certificate used for connection to some URL expired. It was imorted to the DummyServerTrustFile.jks and worked fine. For update I've done following opertations: 1. deleted old ...

+ Reply to Thread
Results 1 to 2 of 2

Thread: WAS 6.0.2.19 ssl certificate update problem

  1. WAS 6.0.2.19 ssl certificate update problem

    Does anybody know what is the problem in the following situation?

    The old ssl certificate used for connection to some URL expired. It was imorted to the DummyServerTrustFile.jks and worked fine.

    For update I've done following opertations:
    1. deleted old certificate from the DummyServerTrustFile.jks using keytool
    2. imported the new one using keytool
    3. restarted WAS

    But despite there is no sign of the old certificate in the jks files on the server it takes the old expired certificate and I get java.security.cert.CertificateException: NotAfter: ....

    I understand that it is cached somewhere, but have no ideas where and how to release this cache.
    Will be greatfull for any hints what to try.

  2. Re: WAS 6.0.2.19 ssl certificate update problem

    ekaterina.borovik@t-systems.ru wrote:
    > Does anybody know what is the problem in the following situation?
    >
    > The old ssl certificate used for connection to some URL expired. It was imorted to the DummyServerTrustFile.jks and worked fine.
    >
    > For update I've done following opertations:
    > 1. deleted old certificate from the DummyServerTrustFile.jks using keytool
    > 2. imported the new one using keytool
    > 3. restarted WAS
    >
    > But despite there is no sign of the old certificate in the jks files on the server it takes the old expired certificate and I get java.security.cert.CertificateException: NotAfter: ....
    >
    > I understand that it is cached somewhere, but have no ideas where and how to release this cache.
    > Will be greatfull for any hints what to try.


    Might be that you edited the wrong copy of the file; there are typically
    several. Is there any reason you're not managing the keys from within the WAS
    admin console? That way you'll be sure you're editing the correct trust store.

    What version of WAS? At least in 6.1, the trust stores are found under:

    Security->SSL certificate and key management->Key stores and certificates

    --
    Doug

+ Reply to Thread