Using an existing keystore

You can change the default certificate by installing your own certificate keystore. You can either use a P12 or JKS keystore.


  1. Edit the ssl.xml file.
  2. Locate the <keystore/> parameter. Set appropriate values for your certificate keystore.
    The default value is defaultKeyStore. You can change the value to an ID of your choice or keep the default value.

    To apply custom certificate properly using AES-encoded password, do the following:

    1. Ensure the server is stopped.
    2. Open the [installdir]\tools\env\env.xml file.
    3. Copy the value reported in the value property of the wlp.password.encryption.key variable.

      For example: From <variable name="wlp.password.encryption.key" value="8f7008648eb308479c88f388e82000209a26" />, copy 8f7008648eb308479c88f388e82000209a26

    4. Run the following commands:
      [installdir]\wlp\bin\securityUtility.bat encode --encoding=aes --key=<encryption_key>
      where <encryption_key> is the value copied in the previous step.
      Note: On Linux, the securityUtility tool does not have the .bat extension. Therefore, use securityUtility instead of securityUtility.bat.
    5. Insert twice the password to be encrypted.
    6. Manually copy the resulting encrypted password in the XML file in [installdir]\wlp\usr\servers\trcserver\ssl.xml
      Note: The encrypted password starts with "{aes}". For example, {aes}AFLSwk76PovVwmQlVCULHEkkkzRqPUgLoZVy33sMxPZf)
    7. Restart the server.
    Enter the absolute path to the existing keystore. The value can be the path to a jks file or a p12 file.
    Determines the type of keystore file. If you are using a p12 file use PKCS12. If you are using a jks file, you do not need to define a type value.
  3. Save the file.
  4. Restart the Remote Control server.