Recovering deleted certificates in SSL
The SSL configuration contains a keystore created to hold personal certificates that were deleted from other keystores in the configuration. Perform this task to recover deleted certificates.
On a standalone application server, the keystore is called NodeDefaultDeletedStore; on a deployment manager, it is called DmgrDefaultDeletedStore.
When a personal certificate is deleted from a keystore using the admin console, or in a script using the deleteCertificate AdminTask command, a copy of the certificate is stored in the DmgrDeletedKeyStore or NodeDeletedKeyStore.
The personal certificate takes the alias <keystore>_<alias> in the deleted keystore. If that alias name is already used in the deleted keystore, a <unique number> is appended to the alias.
A personal certificate can be recovered from the deleted keystore by importing or exporting the personal certificate to a keystore in the configuration. To recover a personal certificate using the admin console perform the following steps:
- Click Security > SSL certificate and key management.
- Under Related Items, click Key stores and certificates.
- From the Keystore usages drop-down list, select "Deleted certificates keystore".
- Click DmgrDefaultDeletedStore or NodeDefaultDeletedStore.
- Under Additional Properties, click Personal certificates.
- Select a certificate.
- Select Export.
- Click OK.
- Perform the following:
  - Enter the keystore password of the deleted keystore.
  - Enter the alias to be assigned to the certificate (in the key store that will receive the certificate).
  - Select the "Managed key store" radio button.
  - Select the key store that will receive the certificate from the drop-down list.
- Click Apply then OK.
To recover a personal certificate, you can also use the exportCertToManagedKS AdminTask command.
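The scripted equivalent of the console steps above, as an added wsadmin Jython example (not code from the original page or from the product documentation). The parameter names are the ones this command is known to accept and can be confirmed with `AdminTask.help('exportCertToManagedKS')`; the keystore name `NodeDefaultKeyStore`, the alias `default` and the password variable are placeholders.

```python
# Added example for "wsadmin -lang jython". Keystore names, aliases and the
# password variable used here are placeholders, not values from the page.

def deleted_alias(keystore, alias):
    """Alias a deleted certificate takes in the deleted keystore: <keystore>_<alias>.
    If that alias was already in use, a unique number is appended, so confirm
    the real alias in the deleted keystore before exporting."""
    return "%s_%s" % (keystore, alias)

def build_export_args(deleted_store, store_password, cert_alias,
                      target_store, new_alias, scope=None):
    """Build list-form arguments for AdminTask.exportCertToManagedKS."""
    required = [("deleted_store", deleted_store), ("store_password", store_password),
                ("cert_alias", cert_alias), ("target_store", target_store),
                ("new_alias", new_alias)]
    for name, value in required:
        if not value:
            raise ValueError("missing value for %s" % name)
    if target_store == deleted_store:
        raise ValueError("target keystore must differ from the deleted keystore")
    args = ["-keyStoreName", deleted_store,
            "-keyStorePassword", store_password,
            "-certificateAlias", cert_alias,
            "-toKeyStoreName", target_store,
            "-aliasInKeyStore", new_alias]
    if scope:
        # Assumption: both keystores live at the same management scope.
        args += ["-keyStoreScope", scope, "-toKeyStoreScope", scope]
    return args

def recover_deleted_cert(admin_task, admin_config, deleted_store, store_password,
                         cert_alias, target_store, new_alias, scope=None):
    """Export the certificate back to a managed keystore and save the config."""
    args = build_export_args(deleted_store, store_password, cert_alias,
                             target_store, new_alias, scope)
    result = admin_task.exportCertToManagedKS(args)
    admin_config.save()  # persist the change to the configuration repository
    return result

# Inside wsadmin (placeholders; prompt for the password instead of storing it):
# recover_deleted_cert(AdminTask, AdminConfig, "NodeDefaultDeletedStore", pw,
#                      deleted_alias("NodeDefaultKeyStore", "default"),
#                      "NodeDefaultKeyStore", "default")
```

On a deployment manager, pass `DmgrDefaultDeletedStore` as the deleted keystore and synchronize the nodes after the save.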