+

Search Tips   |   Advanced Search

Recovering deleted certificates in SSL


The SSL configuration contains a keystore created to hold personal certificates that were deleted from other keystores in the configuration. Perform this task to recover deleted certificates.

The SSL configuration contains a keystore created to hold personal certificates that were deleted from other keystores in the configuration. On a stand alone appserver the keystore is called NodeDefaultDeletedStore and on a deployment manager the keystore is called DmgrDefaultDeletedStore.

When a personal certificate is deleted from a keystore using the admin console or in a script using deleteCertificate AdminTask, a copy of the certificate is stored in the DmgrDeletedKeyStore or NodeDeletedKeyStore.

The personal certificate takes the alias of <keystore>_<alias> > in the deleted keystore. If the alias name is already used in that deleted keystore a <unique number> is appended to the alias.

A personal certificate can be recovered from the deleted keystore by importing or exporting the personal certificate to a keystore in the configuration. To recover a personal certificate using the admin console perform the following steps:

 

  1. Click Security > SSL certificate and key management.

  2. Under Related Items, click Key stores and certificates.

  3. From the Keystore usages drop-down list, select "Deleted certificates keystore".

  4. Click DmgrDefaultDeletedStore or NodeDefaultDeletedStore.

  5. Under Additional Properties, click Personal certificates.

  6. Select a certificate.

  7. Select Export

  8. Click OK.

  9. Perform the following:

    • • Enter the keystore password of the deleted keystore.

    • • Enter The alias to be assigned to the certificate (in the key store that will receive the certificate).

    • • Select the ‘Managed key store’ radio button.

    • • Select the key store from the drop down list that will receive the certificate.

    • Click Apply then OK.

 

Results

To recover a personal certificate we can also use the exportCertToManagedKS AdminTask command.

 

Related tasks


PersonalCertificateCommands
Create an SSL configuration