Renewing a certificate in SSL

If a personal certificate has been compromised or is about to expire, then it should be renewed. Renewing a certificate recreates the certificate with all the information from the original certificate, but with a new expiration period and public/private key pair. Only self-signed certificates and chained certificates created by WebSphere can be renewed. If the certificate used to sign the chained certificate is not in the root keystore, then the default root certificate is used to renew the certificate.

You use the admin console to renew the certificate.


  1. Click Security > SSL certificate and key management.

  2. Under Related Items, click Key stores and certificates.

  3. Click the appropriate <keystore name> to which you want to add the new certificate.

    Only self-signed certificates and chained certificates signed with root certificates from the root keystore can be renewed.

  4. Under Additional Properties, click Personal certificates to list the personal certificates.

  5. Select a personal certificate from the list.

  6. Click the Renew button.

  7. Click Apply then OK.



The certificate is renewed in the key store selected in the path to this panel. If the certificate is not a self-signed certificate or a chained certificate signed with a root certificate from the default root store, an error is returned.

If this command is used with a CA certificate, an error occurs.
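
The same renewal can be scripted with wsadmin. The following Jython script is an added example, not part of the original page; the keystore name, management scope and certificate alias are placeholder values to replace with the ones shown in the admin console.

```jython
# Run with: wsadmin -lang jython -f renew_cert.py
# Added example. KEYSTORE, SCOPE and ALIAS are placeholders (assumptions),
# not values taken from the page.
import sys

KEYSTORE = "NodeDefaultKeyStore"          # placeholder keystore name
SCOPE = "(cell):myCell:(node):myNode"     # placeholder management scope
ALIAS = "default"                         # placeholder certificate alias


def list_certs():
    # Return the personal certificates in the keystore as wsadmin text output,
    # so the validity dates can be compared before and after renewal.
    return AdminTask.listPersonalCertificates(
        "[-keyStoreName %s -keyStoreScope %s]" % (KEYSTORE, SCOPE))


print("Personal certificates before renewal:")
print(list_certs())

try:
    # Recreates the certificate with a new validity period and key pair.
    AdminTask.renewCertificate(
        "[-keyStoreName %s -keyStoreScope %s -certificateAlias %s]"
        % (KEYSTORE, SCOPE, ALIAS))
except:
    # An error is returned when the certificate is not self-signed or not
    # chained to a root certificate in the root keystore, or is a CA certificate.
    print("Renewal failed: %s" % sys.exc_info()[1])
    AdminConfig.reset()                   # discard unsaved changes
    sys.exit(1)

# Persist the change, the scripted equivalent of Apply then OK in the console.
AdminConfig.save()

print("Personal certificates after renewal:")
print(list_certs())
```

Compare the validity dates in the two listings to confirm that the alias now points to the renewed certificate.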


