Replacing and renewing a certificate in a Gateway cluster

Replacing or renewing a certificate for an IBM® Sametime® Gateway cluster is similar to importing it for the first time, but you also replace the old certificate with the new one.

Before you begin

The keystore must contain the certificate request that was created and sent to the Certificate Authority. Also, the keystore must be able to access the certificate that is returned by the Certificate Authority.

Expected state: the deployment manager and the node agents are started. The servers are stopped.

Note: WebSphere® Application Server creates the certificate chain when the signed certificate is received. The chain is constructed from the signer certificates that are in the keystore at the time the certificate is received. Be sure to import all intermediate certificates as signer certificates into the keystore before receiving the CA-signed certificate.
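The check that the note above calls for can be scripted before the certificate is received. The following shell functions are an added example, not IBM code: they assume openssl is installed and that the keystore's signer certificates have been exported as PEM files into one directory. The function names, file names and certificate subjects are constructed for illustration.

```shell
#!/bin/sh
# Added example (not IBM code). Assumes openssl is installed and the keystore's
# signer certificates were exported as PEM files into one directory.

# chain_gap CERT SIGNER_DIR
# Follows issuer -> subject name links from CERT through SIGNER_DIR/*.pem.
# Prints "complete" (exit 0) when a self-signed root is reached, or
# "missing: <issuer>" (exit 1) for the first signer that is absent.
# Matches names only; it does not verify signatures.
chain_gap() {
    cur=$1; dir=$2; depth=0
    while [ "$depth" -lt 10 ]; do
        subj=$(openssl x509 -in "$cur" -noout -subject_hash) || return 2
        iss=$(openssl x509 -in "$cur" -noout -issuer_hash) || return 2
        if [ "$subj" = "$iss" ]; then echo "complete"; return 0; fi
        next=""
        for f in "$dir"/*.pem; do
            [ -f "$f" ] || continue
            h=$(openssl x509 -in "$f" -noout -subject_hash 2>/dev/null) || continue
            if [ "$h" = "$iss" ]; then next=$f; break; fi
        done
        if [ -z "$next" ]; then
            echo "missing: $(openssl x509 -in "$cur" -noout -issuer)"
            return 1
        fi
        cur=$next; depth=$((depth + 1))
    done
    echo "chain deeper than 10 certificates"; return 2
}

# make_constructed_chain DIR
# Builds a throwaway root -> intermediate -> leaf chain for trying the check:
# DIR/signers/{root,int}.pem and DIR/leaf.pem. All names are constructed, and
# the certificates are only good enough for the name walk above.
make_constructed_chain() {
    d=$1; mkdir -p "$d/signers"
    openssl req -x509 -newkey rsa:2048 -nodes -days 2 -subj "/CN=Constructed Root" \
        -keyout "$d/root.key" -out "$d/signers/root.pem" 2>/dev/null
    for pair in "int:Constructed Intermediate" "leaf:Constructed Gateway"; do
        n=${pair%%:*}
        openssl req -newkey rsa:2048 -nodes -subj "/CN=${pair#*:}" \
            -keyout "$d/$n.key" -out "$d/$n.csr" 2>/dev/null
    done
    openssl x509 -req -in "$d/int.csr" -CA "$d/signers/root.pem" -CAkey "$d/root.key" \
        -CAcreateserial -days 2 -out "$d/signers/int.pem" 2>/dev/null
    openssl x509 -req -in "$d/leaf.csr" -CA "$d/signers/int.pem" -CAkey "$d/int.key" \
        -CAcreateserial -days 2 -out "$d/leaf.pem" 2>/dev/null
}
```

A "missing:" line names the signer to import into the keystore before receiving the CA-signed certificate.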

Procedure

  1. Log in to the Integrated Solutions Console.
  2. Click Security > SSL certificate and key management > Key stores and certificates.
  3. Click the keystore that you created previously.
  4. Click Personal certificates.
  5. Click Receive a certificate from a certificate authority.
  6. Type the full path and name of the certificate file generated by the CA.
  7. Select the appropriate data from the list.
  8. Click Apply and Save.
  9. From the Integrated Solutions Console, click Security > SSL certificate and key management > Key stores and certificates.
  10. Select the keystore that contains the new and old certificates.
  11. Select the old certificate and click Replace.
  12. Verify that the old certificate is listed in the Old certificate field.
  13. Select the new certificate from the Replace with list.
  14. Click OK and Save.
  15. Restart the Sametime Gateway Server.

    For a stand-alone server: restart the single Java™ process.

    For a cluster configuration: restart the DMGR, STGW servers, XMPP proxies, and SIP proxies.

    You do not need to restart the node agents.